Directory traversal vulnerability in cal_make.pl in PerlCal allows remote attackers to read arbitrary files via a .. (dot dot) in the p0 parameter.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Perlcal | Acme_labs | 2.3 (including) | 2.3 (including) |
| Perlcal | Acme_labs | 2.4 (including) | 2.4 (including) |
| Perlcal | Acme_labs | 2.5 (including) | 2.5 (including) |
| Perlcal | Acme_labs | 2.6 (including) | 2.6 (including) |
| Perlcal | Acme_labs | 2.7 (including) | 2.7 (including) |
| Perlcal | Acme_labs | 2.9 (including) | 2.9 (including) |
| Perlcal | Acme_labs | 2.9a (including) | 2.9a (including) |
| Perlcal | Acme_labs | 2.9b (including) | 2.9b (including) |
| Perlcal | Acme_labs | 2.9c (including) | 2.9c (including) |
| Perlcal | Acme_labs | 2.9d (including) | 2.9d (including) |
| Perlcal | Acme_labs | 2.9e (including) | 2.9e (including) |
| Perlcal | Acme_labs | 2.13 (including) | 2.13 (including) |
| Perlcal | Acme_labs | 2.18 (including) | 2.18 (including) |
| Perlcal | Acme_labs | 2.80 (including) | 2.80 (including) |
| Perlcal | Acme_labs | 2.95 (including) | 2.95 (including) |
References
- http://archives.neohapsis.com/archives/bugtraq/2001-04/0506.html
- http://www.perlcal.com/calendar/docs/bugs.txt
- http://www.securityfocus.com/bid/2663
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6480
- http://archives.neohapsis.com/archives/bugtraq/2001-04/0506.html
- http://www.perlcal.com/calendar/docs/bugs.txt
- http://www.securityfocus.com/bid/2663
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6480