Lucene search
K

5 matches found

OpenVAS
OpenVAS
added 2009/12/31 12:0 a.m.21 views

PHP-Calendar Multiple Remote And Local File Inclusion Vulnerabilities

PHP-Calendar is prone to Remote And Local File Inclusion vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS6.5AI score0.02447EPSS
Exploits2References3
seebug.org
seebug.org
added 2009/12/25 12:0 a.m.25 views

PHP-Calendar configfile变量远程文件包含漏洞

CVECAN ID: CVE-2009-3702 php-Calendar是一款基于WEB的日历事务系统。 PHP-Calendar中存在多个绝对路径遍历漏洞,远程攻击者可以通过在提交给update08.php或update10.ph的configfile参数中的完整路径名导致包含并执行任意本地文件。以下是有漏洞的代码段: 36 elseif!empty$GET'configfile' 37 iffileexists$GET'configfile' 38 requireonce$GET'configfile'; PHP-Calendar 1.1 临时解决方法:...

7.5CVSS0.1AI score0.02447EPSS
Exploits2
CVE
CVE
added 2009/12/22 7:0 p.m.49 views

CVE-2009-3702

CVE-2009-3702 affects PHP-Calendar 1.1, where the configfile parameter in update08.php and update10.php allows including arbitrary local files and can enable remote file inclusion in some environments (e.g., UNC paths, ftp/ftps/ssh2 URLs). The root cause is inadequate filtering of $GET['configfil...

7.5CVSS7.2AI score0.02447EPSS
Exploits2References1Affected Software1
securityvulns
securityvulns
added 2009/12/21 12:0 a.m.111 views

[ISecAuditors Security Advisories] PHP-Calendar <= v1.1 'configfile' Remote and Local File Inclusion vulnerability

============================================= INTERNET SECURITY AUDITORS ALERT 2009-011 - Original release date: October 13th, 2009 - Last revised: December 18th, 2009 - Discovered by: Juan Galiana Lara - CVE ID: CVE-2009-3702 - Severity: 8.5/10 CVSS Base Score...

7.5CVSS1.2AI score0.02447EPSS
Exploits2
Packet Storm
Packet Storm
added 2009/12/18 12:0 a.m.46 views

PHP-Calendar 1.1 Remote/Local File Inclusion

============================================= INTERNET SECURITY AUDITORS ALERT 2009-011 - Original release date: October 13th, 2009 - Last revised: December 18th, 2009 - Discovered by: Juan Galiana Lara - CVE ID: CVE-2009-3702 - Severity: 8.5/10 CVSS Base Score...

7.5CVSS6.6AI score0.02447EPSS
Exploits2
Rows per page
Query Builder