lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon Nov 28 16:48:30 2005 From: ascii at katamail.com (ascii) Subject: WebCalendar Multiple Vulnerabilities WebCalendar Multiple Vulnerabilities Name Multiple Vulnerabilities in WebCalendar Systems Affected WebCalendar (verified on 1.0.1) Severity Medium Risk Vendor www.k5n.us/webcalendar.php?topic=About Advisory http://www.ush.it/2005/11/28/webcalendar-multiple-vulnerabilities/ Advisory http://www.ush.it/team/ascii/hack-WebCalendar/advisory.txt Author Francesco "?aScii"? Ongaro (ascii at katamail . com) Date 20051128 WebCalendar is vulnerable to four SQL Injection (files activity_log.php, admin_handler.php, edit_template.php and export_handler.php) and one local file overwrite (export_handler.php), input validation will fix. Advisory released on 20051128: WebCalendar Multiple Vulnerabilities http://www.ush.it/2005/11/28/webcalendar-multiple-vulnerabilities/
Powered by blists - more mailing lists