AlphaOne Technology Support Forums
Welcome, Guest. Please login or register.
January 08, 2009, 09:34:28 PM

Login with username, password and session length
Search:     Advanced search
1733 Posts in 827 Topics by 5356 Members
Latest Member: Gagabaksik
* Home Help Search Login Register
AlphaOne Technology Support Forums  |  IMPORTANT ANNOUNCEMENTS  |  Security Announcements  |  Topic: WebCalendar "includedir" Remote PHP File Inclusion Vulnerability 0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: WebCalendar "includedir" Remote PHP File Inclusion Vulnerability  (Read 1235 times)
TJ
Tech Team
Hero Member
********
Offline Offline

Posts: 136



View Profile
WebCalendar "includedir" Remote PHP File Inclusion Vulnerability
« on: August 25, 2005, 02:08:16 PM »
* Technical Description *

A vulnerability was identified in WebCalendar, which may be exploited by attackers to compromise a vulnerable web server. This flaw is due to an input validation error in the "send_reminders.php" script when processing a specially crafted "includedir" parameter, which may be exploited by remote attackers to include malicious files and execute arbitrary commands with the privileges of the web server.

 * Affected Products *

WebCalendar prior to version 1.0.1

 * Solution *

Upgrade to WebCalendar version 1.0.1 :
http://www.k5n.us/webcalendar.php?topic=Download

 * References *

http://www.frsirt.com/english/advisories/2005/1513
Logged
Pages: [1] Go Up Print 
AlphaOne Technology Support Forums  |  IMPORTANT ANNOUNCEMENTS  |  Security Announcements  |  Topic: WebCalendar "includedir" Remote PHP File Inclusion Vulnerability « previous next »
Jump to:  

Powered by MySQL Powered by PHP AlphaOne Technology Support Forums | Powered by SMF 1.0.7.
© 2001-2005, Lewis Media. All Rights Reserved. 		Valid XHTML 1.0! Valid CSS!