Bugtraq mailing list archives
WebCalendar Multiple Vulnerabilities
From: ascii <ascii () katamail com>
Date: Mon, 28 Nov 2005 17:47:22 +0100
WebCalendar Multiple Vulnerabilities Name Multiple Vulnerabilities in WebCalendar Systems Affected WebCalendar (verified on 1.0.1) Severity Medium Risk Vendor www.k5n.us/webcalendar.php?topic=About Advisory http://www.ush.it/2005/11/28/webcalendar-multiple-vulnerabilities/ Advisory http://www.ush.it/team/ascii/hack-WebCalendar/advisory.txt Author Francesco "aScii" Ongaro (ascii at katamail . com) Date 20051128 WebCalendar is vulnerable to four SQL Injection (files activity_log.php, admin_handler.php, edit_template.php and export_handler.php) and one local file overwrite (export_handler.php), input validation will fix. Advisory released on 20051128: WebCalendar Multiple Vulnerabilities http://www.ush.it/2005/11/28/webcalendar-multiple-vulnerabilities/
Current thread:
- WebCalendar Multiple Vulnerabilities ascii (Nov 28)
- Re: WebCalendar Multiple Vulnerabilities Paul Laudanski (Nov 30)
- Re: WebCalendar Multiple Vulnerabilities ascii (Nov 30)
- Re: WebCalendar Multiple Vulnerabilities Paul Laudanski (Nov 30)