2 matches found
CVE-2007-3258
calendar.php in Calendarix 0.7.20070307 allows remote attackers to obtain sensitive information via large values to the 1 year and 2 month parameters, which causes negative values to be passed to the mktime library call, and reveals the installation path in the error message...
CVE-2007-3258
CVE-2007-3258 affects Calendarix 0.7.20070307. The issue arises when remote attackers supply excessively large year/month values, causing mktime to receive negative values and triggering error messages that reveal the installation path. Impact is information disclosure (partial confidentiality). ...