RSS   Vulnerabilities for 'Phpicalendar'   RSS

2009-01-26
 
CVE-2008-5968

CWE-22
 

 
Directory traversal vulnerability in print.php in PHP iCalendar 2.24 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cookie_language parameter in a phpicalendar_* cookie, a different vector than CVE-2006-1292.

 
 
CVE-2008-5967

CWE-287
 

 
admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not require administrative authentication for an addupdate action, which allows remote attackers to upload a calendar (aka .ics) file with arbitrary content to the calendars/ directory outside the web root.

 
2009-01-05
 
CVE-2008-5840

CWE-264
 

 
PHP iCalendar 2.24 and earlier allows remote attackers to bypass authentication by setting the phpicalendar and phpicalendar_login cookies to 1.

 

 >>> Vendor: Phpicalendar 3 Products
Php icalendar
Phpicalendar
Phpicalendar2.0


Copyright 2024, cxsecurity.com

 

Back to Top