CGI abuses : WebCalendar Export_Handler.PHP File Corruption Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.56760

Categoría: CGI abuses

Título: WebCalendar Export_Handler.PHP File Corruption Vulnerability

Resumen: NOSUMMARY

Descripción: Description:

The remote host has a version of WebCalendar installed allows
attackers to overwrite data files as a result of an improperly
sanitized 'id' parameter to the 'Export_Handler.PHP' script.
Version 1.0.1 is known to be vulnerable.

Solution : Upgrade to a later version.

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: BugTraq ID: 15608
Common Vulnerability Exposure (CVE) ID: CVE-2005-3961
http://www.securityfocus.com/bid/15608
Bugtraq: 20051128 WebCalendar Multiple Vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/417900/100/0/threaded
Debian Security Information: DSA-1002 (Google Search)
http://www.debian.org/security/2006/dsa-1002
http://www.ush.it/2005/11/28/webcalendar-multiple-vulnerabilities
http://www.osvdb.org/21220
http://secunia.com/advisories/17784
http://secunia.com/advisories/19240
http://securityreason.com/securityalert/215
http://www.vupen.com/english/advisories/2005/2643
XForce ISS Database: webcalendar-exporthandler-file-overwrite(23370)
https://exchange.xforce.ibmcloud.com/vulnerabilities/23370

Copyright Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.56760
Categoría:	CGI abuses
Título:	WebCalendar Export_Handler.PHP File Corruption Vulnerability
Resumen:	NOSUMMARY
Descripción:	Description: The remote host has a version of WebCalendar installed allows attackers to overwrite data files as a result of an improperly sanitized 'id' parameter to the 'Export_Handler.PHP' script. Version 1.0.1 is known to be vulnerable. Solution : Upgrade to a later version. Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	BugTraq ID: 15608 Common Vulnerability Exposure (CVE) ID: CVE-2005-3961 http://www.securityfocus.com/bid/15608 Bugtraq: 20051128 WebCalendar Multiple Vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/417900/100/0/threaded Debian Security Information: DSA-1002 (Google Search) http://www.debian.org/security/2006/dsa-1002 http://www.ush.it/2005/11/28/webcalendar-multiple-vulnerabilities http://www.osvdb.org/21220 http://secunia.com/advisories/17784 http://secunia.com/advisories/19240 http://securityreason.com/securityalert/215 http://www.vupen.com/english/advisories/2005/2643 XForce ISS Database: webcalendar-exporthandler-file-overwrite(23370) https://exchange.xforce.ibmcloud.com/vulnerabilities/23370
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com