Web application abuses : WebCalendar SQL Injection (Nov 2005)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.15752

Categoría: Web application abuses

Título: WebCalendar SQL Injection (Nov 2005) - Active Check

Resumen: The remote installation of WebCalendar may allow an attacker to; cause an SQL Injection vulnerability in the program allowing an attacker to cause the program to; execute arbitrary SQL statements.

Descripción: Summary:
The remote installation of WebCalendar may allow an attacker to
cause an SQL Injection vulnerability in the program allowing an attacker to cause the program to
execute arbitrary SQL statements.

Solution:
No known solution was made available for at least one year
since the disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features,
remove the product or replace the product by another one.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-1506
BugTraq ID: 11651
http://www.securityfocus.com/bid/11651
Bugtraq: 20041109 Multiple Vulnerabilities in WebCalendar (Google Search)
http://marc.info/?l=bugtraq&m=110011618724455&w=2
http://secunia.com/advisories/13164
XForce ISS Database: webcalendar-img-src-xss(18026)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18026
Common Vulnerability Exposure (CVE) ID: CVE-2004-1507
XForce ISS Database: webcalendar-response-splitting(18027)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18027
Common Vulnerability Exposure (CVE) ID: CVE-2004-1508
XForce ISS Database: webcalendar-init-file-include(18028)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18028
Common Vulnerability Exposure (CVE) ID: CVE-2004-1509
XForce ISS Database: webcalendar-encodedlogin-path-disclosure(18029)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18029
Common Vulnerability Exposure (CVE) ID: CVE-2004-1510
XForce ISS Database: webcalendar-scripts-gain-access(18030)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18030

Copyright Copyright (C) 2004 Noam Rathaus

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.15752
Categoría:	Web application abuses
Título:	WebCalendar SQL Injection (Nov 2005) - Active Check
Resumen:	The remote installation of WebCalendar may allow an attacker to; cause an SQL Injection vulnerability in the program allowing an attacker to cause the program to; execute arbitrary SQL statements.
Descripción:	Summary: The remote installation of WebCalendar may allow an attacker to cause an SQL Injection vulnerability in the program allowing an attacker to cause the program to execute arbitrary SQL statements. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1506 BugTraq ID: 11651 http://www.securityfocus.com/bid/11651 Bugtraq: 20041109 Multiple Vulnerabilities in WebCalendar (Google Search) http://marc.info/?l=bugtraq&m=110011618724455&w=2 http://secunia.com/advisories/13164 XForce ISS Database: webcalendar-img-src-xss(18026) https://exchange.xforce.ibmcloud.com/vulnerabilities/18026 Common Vulnerability Exposure (CVE) ID: CVE-2004-1507 XForce ISS Database: webcalendar-response-splitting(18027) https://exchange.xforce.ibmcloud.com/vulnerabilities/18027 Common Vulnerability Exposure (CVE) ID: CVE-2004-1508 XForce ISS Database: webcalendar-init-file-include(18028) https://exchange.xforce.ibmcloud.com/vulnerabilities/18028 Common Vulnerability Exposure (CVE) ID: CVE-2004-1509 XForce ISS Database: webcalendar-encodedlogin-path-disclosure(18029) https://exchange.xforce.ibmcloud.com/vulnerabilities/18029 Common Vulnerability Exposure (CVE) ID: CVE-2004-1510 XForce ISS Database: webcalendar-scripts-gain-access(18030) https://exchange.xforce.ibmcloud.com/vulnerabilities/18030
Copyright	Copyright (C) 2004 Noam Rathaus