正文

WebCalendar多个远程漏洞

admin
admin V管理员 /0 评论 /8 阅读
1231
此篇文章发布距今已超过1230天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

WebCalendar多个远程漏洞

  • CNNVD编号:CNNVD-200412-493
    • <!--
  • 危害等级: 中危-->
  • 危害等级: 中危
  • CVE编号: CVE-2004-1509
  • 漏洞类型: 设计错误
  • 发布时间: 2004-12-31
  • 威胁类型: 远程
  • 更新时间: 2005-10-20
  • 厂        商: webcalendar
  • 漏洞来源: disclosed these vulnerabilities.');">Joxean Koret

漏洞简介

WebCalendar的validate.php存在漏洞。远程攻击者借助无效的encoded_login参数获取敏感信息,该漏洞在出错信息中泄露了完整路径。

漏洞公告

It is reported that some, or all of these issues have been corrected in the CVS versions of the package. This has not been confirmed. Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] .

参考网址

来源: XF 名称: webcalendar-encodedlogin-path-disclosure(18029) 链接:http://xforce.iss.net/xforce/xfdb/18029 来源: BID 名称: 11651 链接:http://www.securityfocus.com/bid/11651 来源: SECUNIA 名称: 13164 链接:http://secunia.com/advisories/13164 来源: BUGTRAQ 名称: 20041109 Multiple Vulnerabilities in WebCalendar 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=110011618724455&w=2

受影响实体

  • Webcalendar Webcalendar:0.9.22  
    <!--
    2000-1-1
    -->
  • Webcalendar Webcalendar:0.9.23  
    <!--
    2000-1-1
    -->
  • Webcalendar Webcalendar:0.9.24  
    <!--
    2000-1-1
    -->
  • Webcalendar Webcalendar:0.9.25  
    <!--
    2000-1-1
    -->
  • Webcalendar Webcalendar:0.9.26  
    <!--
    2000-1-1
    -->

补丁

    暂无