CVE-2001-0463

Description

Directory traversal vulnerability in cal_make.pl in PerlCal allows remote attackers to read arbitrary files via a .. (dot dot) in the p0 parameter.

Affected products

• acme_labs / perlcal2.3 – 2.3
• acme_labs / perlcal2.4 – 2.4
• acme_labs / perlcal2.5 – 2.5
• acme_labs / perlcal2.6 – 2.6
• acme_labs / perlcal2.7 – 2.7
• acme_labs / perlcal2.9 – 2.9
• acme_labs / perlcal2.9a – 2.9a
• acme_labs / perlcal2.9b – 2.9b
• acme_labs / perlcal2.9c – 2.9c
• acme_labs / perlcal2.9d – 2.9d
• acme_labs / perlcal2.9e – 2.9e
• acme_labs / perlcal2.13 – 2.13
• acme_labs / perlcal2.18 – 2.18
• acme_labs / perlcal2.80 – 2.80
• acme_labs / perlcal2.95 – 2.95

References

• MISChttp://www.perlcal.com/calendar/docs/bugs.txt
• MISChttp://www.securityfocus.com/bid/2663
• MISChttp://archives.neohapsis.com/archives/bugtraq/2001-04/0506.html
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/6480