WebCalendar is a PHP-based calendar application that can be configured
as a single-user calendar, a multi-user calendar for groups of users,
or as an event calendar viewable by visitors.
See project homepage for details: http://www.k5n.us/webcalendar.php
Description:
The problem is that
By: Mr-X
Email: [EMAIL PROTECTED]
Subject: modules name(Sections)SQL Injection
example:-
/modules.php?name=Surveysop=resultspollID=8mode=order=thold=[SQL]
By: Mr-X
Email: [EMAIL PROTECTED]
Subject: modules name(Downloads)SQL Injection
example:-
/modules.php?/modules.php?name=Downloadsd_op=viewdownloadcid=[SQL]
/*
---
[N]eo [S]ecurity [T]eam [NST]® Advisory #20
---
Program : CuteNews 1.4.1
Homepage: http://www.cutephp.com
Vulnerable Versions: CuteNews 1.4.1 lower ones
Risk:
While this is arguably a misfeature, it's not like anyone reading the
documentation wouldn't know about it, and you have to explicitly enable
it. It does not seem too much of a problem to me.
Joachim
Secure by default is not just a catch phrase. it's a really good idea. By
making the default
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDKSA-2006:081-1
http://www.mandriva.com/security/
There is a Log Manipulation vulnerability in Microsoft ISA Server
2004, which when exploited will enable a malicious user to manipulate
the Destination Host parameter of the log file.
...
We were able to insert arbitrary characters, in this case the ASCII
characters 1, 2, 3 (respectively) into
On Friday 05 May 2006 09:16, Steven M. Christey wrote:
There is a Log Manipulation vulnerability in Microsoft ISA Server
2004, which when exploited will enable a malicious user to manipulate
the Destination Host parameter of the log file.
...
We were able to insert arbitrary characters, in
[LEFT]
Invision Community Blog .. Bugs
SQL Injection :-
Filename :- mod.php
Function name :- do_mmod()
The $ids Unfilter Input By Intval As Array :) So We Can Do SQL Injection --
* Arabic *
[/LEFT]
[RIGHT]
ÇáãÊÛíÑ $ids ÛíÑ ãÝáÊÑ Úä ØÑíÞ ÇáÏÇáå intval æåæ ÈÔßá ãÕÝæÝå ..
SaPHPLesson 3.0 Multbugs By :-- D3vil-0x1 | Devil-00 --:
1- Unfilter array
Filename:- show.php
Line:- 102
[code]
$hrow[] = $Row2;[/code]
Fix :-
Add To Line [ 11 ] /show.php This Code :-
we add the code to global to fix all unfilter
According to WebCalendar lead developer, this will be corrected in
upcoming developer release v1.1.
david
On 5/5/06, David Maciejak [EMAIL PROTECTED] wrote:
WebCalendar is a PHP-based calendar application that can be configured
as a single-user calendar, a multi-user calendar for groups of
A vulnerability has been found in an ActiveX object distributed as part of
TDC' Microsoft CSP suite.
The suite consists of Cryptomathic PrimeInk CSP and some ActiveX objects.
The primary task of the
CSP is to handle private RSA keys that are encrypted by keys derived from
the user provided
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Trustix Secure Linux Security Advisory #2006-0024
Package names: clamav, cyrus-sasl, kernel, libtiff, rsync, xorg-x11
Summary: Multiple vulnerabilities
Date:
13 matches
Mail list logo