Bug: WebCalendar Multiple Vulnerabilities (WLB-2005110072 Ascii Version)

	WLB2
Full List

Bugs

Bogus

Tricks

Exploits

	CVE MAP
Full List

Vendors

Products

	Tools
CWE Dictionary

Google Hacking

	Search
General

CVE

CWE

	RSS
Full List

Bugs

Exploits

Dorks

	Information
Our services

Add note

About



	Submit
To add a note, use this form or send email to submit@cxsecurity.com When contacting via email, we recommend coded messages. Get our PGP public key

Topic:	WebCalendar Multiple Vulnerabilities
Credit:	ascii (ascii katamail com)
Date:	2005.11.29
CWE:	N/A
CVE:	CVE-2005-3949 (Show details) CVE-2005-3961 (Show details) Use CVE to see details like: - CVSS2, - Affected Software, - References

Risk	Local		Remote
Medium	No		Yes

WebCalendar Multiple Vulnerabilities

Name Multiple Vulnerabilities in WebCalendar
Systems Affected WebCalendar (verified on 1.0.1)
Severity Medium Risk
Vendor www.k5n.us/webcalendar.php?topic=About
Advisory
http://www.ush.it/2005/11/28/webcalendar-multiple-vulnerabilities/
Advisory
http://www.ush.it/team/ascii/hack-WebCalendar/advisory.txt
Author Francesco "Â?aScii"Â? Ongaro (ascii at katamail . com)
Date 20051128

WebCalendar is vulnerable to four SQL Injection (files activity_log.php,
admin_handler.php, edit_template.php and export_handler.php) and one
local file overwrite (export_handler.php), input validation will fix.

Advisory released on 20051128:
WebCalendar Multiple Vulnerabilities
http://www.ush.it/2005/11/28/webcalendar-multiple-vulnerabilities/

[ ASCII VERSION ]

Bug: WebCalendar Multiple Vulnerabilities (WLB-2005110072 Ascii Version)

use this form