Debian DSA-1096-1 : webcalendar - uninitialised variable

A vulnerability has been discovered in webcalendar, a PHP-based multi-user calendar, that allows a remote attacker to execute arbitrary PHP code when registerglobals is turned on. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

[SECURITY] [DSA 1096-1] New webcalendar packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 1096-1 [email protected] http://www.debian.org/security/ Martin Schulze June 13th, 2006 http://www.debian.org/security/faq -...

CVE-2006-2762

PHP remote file inclusion vulnerability in includes/config.php in WebCalendar 1.0.3 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter, which is remotely accessed in an fopen call whose results are used to define a userinc setting that is used in an...

CVE-2006-2762

CVE-2006-2762: WebCalendar 1.0.3 is vulnerable to a PHP remote file inclusion via the includedir parameter in includes/config.php, leading to arbitrary code execution. The flaw arises because a URL is fed to fopen and its result defines user_inc, which is then used in include_once. Public advisor...