Lucene search
GoogleOSV:DSA-1002-1HistoryMar 15, 2006 - 12:00 a.m.
webcalendar - several
2006-03-1500:00:00
Google
osv.dev
7
EPSS
0.048
Percentile
92.8%
Several security related problems have been discovered in webcalendar,
a PHP based multi-user calendar. The Common Vulnerabilities and
Exposures project identifies the following vulnerabilities:
- CVE-2005-3949
Multiple SQL injection vulnerabilities allow remote attackers to
execute arbitrary SQL commands. - CVE-2005-3961
Missing input sanitising allows an attacker to overwrite local
files. - CVE-2005-3982
A CRLF injection vulnerability allows remote attackers to modify
HTTP headers and conduct HTTP response splitting attacks.
The old stable distribution (woody) does not contain webcalendar packages.
For the stable distribution (sarge) these problems have been fixed in
version 0.9.45-4sarge3.
For the unstable distribution (sid) these problems have been fixed in
version 1.0.2-1.
We recommend that you upgrade your webcalendar package.
References
Related
openvas
openvas
Debian Security Advisory DSA 1002-1 (webcalendar)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1002-1)
2008-01-17 00:00:00
nessus
nessus
Debian DSA-1002-1 : webcalendar - several vulnerabilities
2006-10-14 00:00:00
WebCalendar < 1.0.2 Multiple Vulnerabilities
2005-12-02 00:00:00
debian
debian
[SECURITY] [DSA 1002-1] New webcalendar packages fix several vulnerabilities
2006-03-15 08:42:49
[SECURITY] [DSA 1002-1] New webcalendar packages fix several vulnerabilities
2006-03-15 08:42:49
cvelist
cvelist
cve
cve
ubuntucve
ubuntucve
nvd
nvd
exploitdb
exploitdb
WebCalendar 1.0.1 - 'Layers_Toggle.php' HTTP Response Splitting
2005-12-01 00:00:00