AlphaOne Technology Support Forums
Welcome, Guest. Please login or register.
January 07, 2009, 11:47:02 AM

Login with username, password and session length
Search:     Advanced search
1733 Posts in 827 Topics by 5327 Members
Latest Member: koliangoodsb
* Home Help Search Login Register
AlphaOne Technology Support Forums  |  IMPORTANT ANNOUNCEMENTS  |  Security Announcements  |  Topic: WebCalendar Alert! 0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: WebCalendar Alert!  (Read 517 times)
AlphaWolf
AOT Administrator
Administrator
Hero Member
*****
Offline Offline

Posts: I am a geek!!



View Profile WWW
WebCalendar Alert!
« on: February 18, 2005, 11:51:42 PM »
Due to the following alert, the latest edge release of CPanel & Fantastico will NOT auto install WebCalendar.  This version will be on our new server that is rolling out this weekend.  If you wish to install WebCalendar, you will have to follow the instructions under "How do I" Boards

 K-OTik Security Advisory : KOTIK/ADV-2005-0184
CVE Reference : GENERIC-MAP-NOMATCH
Rated as : Moderate
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-02-18

 * Technical Description *

An SQL Injection vulnerability was reported in WebCalendar, wich may be exploited by attackers to execute arbitrary SQL commands. This flaw exists due to a missing input sanitising in "login" when used in cookies, which could be exploited to execute arbitrary SQL commands.

 * Affected Products *

WebCalendar version 0.9.45 and earlier

 * Solution *

WebCalendar version 0.9.5 :
http://www.k5n.us/webcalendar.php?topic=Download

 * References *

http://www.k-otik.com/english/advisories/2005/0184
http://www.scovettalabs.com/advisory/SCL-2005.001.txt
Logged
AlphaOne Tech Webmaster Resources
http://www.alphaone-tech.com/resources/
Pages: [1] Go Up Print 
AlphaOne Technology Support Forums  |  IMPORTANT ANNOUNCEMENTS  |  Security Announcements  |  Topic: WebCalendar Alert! « previous next »
Jump to:  

Powered by MySQL Powered by PHP AlphaOne Technology Support Forums | Powered by SMF 1.0.7.
© 2001-2005, Lewis Media. All Rights Reserved. 		Valid XHTML 1.0! Valid CSS!