[ml] WebCalendar Multiple Vulnerabilities

[ Home | Liste | F.A.Q. | Risorse | Cerca... ]

[ Data: precedente | successivo | indice ] [ Argomento: precedente | successivo | indice ]

Archivio: Novembre 2005 ml@sikurezza.org
Soggetto: [ml] WebCalendar Multiple Vulnerabilities
Mittente: ascii
Data: Mon, 28 Nov 2005 17:47:52 +0100 (CET)

WebCalendar Multiple Vulnerabilities
	
 Name              Multiple Vulnerabilities in WebCalendar
 Systems Affected  WebCalendar (verified on 1.0.1)
 Severity          Medium Risk
 Vendor            www.k5n.us/webcalendar.php?topic=About
 Advisory
  http://www.ush.it/2005/11/28/webcalendar-multiple-vulnerabilities/
 Advisory
  http://www.ush.it/team/ascii/hack-WebCalendar/advisory.txt
 Author            Francesco "ÂaScii"Â Ongaro (ascii at katamail . com)
 Date              20051128

WebCalendar is vulnerable to four SQL Injection (files activity_log.php,
admin_handler.php, edit_template.php and export_handler.php) and one
local file overwrite (export_handler.php), input validation will fix.

Advisory released on 20051128:
WebCalendar Multiple Vulnerabilities
http://www.ush.it/2005/11/28/webcalendar-multiple-vulnerabilities/

Data:
- precedente: [ml] Php Web Statistik Multiple Vulnerabilities, ascii
- successivo: Re: [ml] ip balcklistato o disservizio, Andrea Bongianni
- indice

Argomento:
- precedente: [ml] Php Web Statistik Multiple Vulnerabilities, ascii
- successivo: [ml] Sono dolori, Can't dig that daddy
- indice

[ Home | Liste | F.A.Q. | Risorse | Cerca... ]

www.sikurezza.org - Italian Security Mailing List
(c) 1999-2005