This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
iDefense Labs reports:
Remote exploitation of a design error in Horde's Kronolith could allow
an authenticated web mail user to execute arbitrary PHP code under the
security context of the running web server.
The vulnerability specifically exists due to a design error in the way
it includes certain files. Specifically, the 'lib/FBView.php' file
contains a function 'Kronolith_FreeBusy_View::factory' which will
include local files that are supplied via the 'view' HTTP GET request
See also :
Update the affected package.
Risk factor :
Family: FreeBSD Local Security Checks
Nessus Plugin ID: 23744 (freebsd_pkg_a8af7d70800711dbb2800008743bf21a.nasl)