WebCalendar Multiple Vulnerabilities

2005.11.29
Credit: ascii (ascii katamail com)
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2005-3949 | CVE-2005-3961
CWE: N/A

WebCalendar Multiple Vulnerabilities Name Multiple Vulnerabilities in WebCalendar Systems Affected WebCalendar (verified on 1.0.1) Severity Medium Risk Vendor www.k5n.us/webcalendar.php?topic=About Advisory http://www.ush.it/2005/11/28/webcalendar-multiple-vulnerabilities/ Advisory http://www.ush.it/team/ascii/hack-WebCalendar/advisory.txt Author Francesco "?aScii"? Ongaro (ascii at katamail . com) Date 20051128 WebCalendar is vulnerable to four SQL Injection (files activity_log.php, admin_handler.php, edit_template.php and export_handler.php) and one local file overwrite (export_handler.php), input validation will fix. Advisory released on 20051128: WebCalendar Multiple Vulnerabilities http://www.ush.it/2005/11/28/webcalendar-multiple-vulnerabilities/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top