100 matches found
Directory traversal
Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL %00 character in the phpicalendarcookielanguage and phpicalendarcookiestyle cookies, as...
CVE-2006-1292
Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL %00 character in the phpicalendarcookielanguage and phpicalendarcookiestyle cookies, as...
CVE-2006-1291
CVE-2006-1291 affects PHP iCalendar versions prior to 2.25. The vulnerability allows remote attackers to upload and execute arbitrary PHP scripts by exploiting unauthenticated write access to the calendars directory via a WebDAV PUT request with a filename ending in .php plus a trailing null char...
CVE-2006-1292
CVE-2006-1292 is a directory-traversal vulnerability in PHP iCalendar 2.21 and earlier. An attacker can cause local file inclusion and remote code execution by manipulating cookies phpicalendar[cookie_language] and phpicalendar[cookie_style] (with a NUL/%00) so that PHP sequences injected into an...
PHP iCalendar Local File Inclusion
Binary data 3479.prm...
PHP iCalendar publish.ical.php Arbitrary File Upload
The remote host appears to be running PHP iCalendar, a web-based iCal file viewer / parser written in PHP. The installed version of PHP iCalendar supports iCal publishing but does not properly restrict the types of files uploaded and places them in a web-accessible directory. An unauthenticated...
PHP iCalendar Cookie Data Traversal Local File Inclusion
The remote host appears to be running PHP iCalendar, a web-based iCal file viewer / parser written in PHP. The version of PHP iCalendar installed on the remote host fails to sanitize input to cookie data normally used to store language and template user preferences before using it in a PHP...
php iCalendar <= 2.21 (Cookie) Remote Code Execution Exploit
Exploit for unknown platform in category web applications ============================================================ php iCalendar arbitrary local inclusion through cookies\r\n"; echo "by rgod rgodautisticiorg\r\n"; short explaination: phpICal stores language & template user preferences inside...
PHP iCalendar 2.21 - 'cookie' Remote Code Execution
!/usr/bin/php -q -d shortopentag=on arbitrary local inclusion through cookies\r\n"; echo "by rgod rgodautisticiorg\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; short explaination: phpICal stores language & template user preferences inside cookies. Theese values are used to include...
PHP iCalendar 2.21 - cookie Remote Code Execution
PHP iCalendar 2.21 - cookie Remote Code Execution !/usr/bin/php -q -d shortopentag=on arbitrary local inclusion through cookies\r\n"; echo "by rgod rgodautisticiorg\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; short explaination: phpICal stores language & template user preferences...
php iCalendar <= 2.21 (publish.ical.php) Remote Code Execution Exploit
Exploit for unknown platform in category web applications ====================================================================== php iCalendar autisticiorg\r\n"; echo "this works if "phpicalendarpublishing" is set to 1 in config.inc.php\r\n\r\n"; short explaination: phpICal lets users...
php iCalendar <= 2.21 (Cookie) Remote Code Execution Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "php iCalendar =2.21 "cookielanguage"/"cookiestyle" remote cmmnds xctn\r\n"; echo "- arbitrary local inclusion through cookies\r\n"; echo "by rgod rgodATautisticiDOTorg\r\n"; echo "site:...
CVE-2006-0648
Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, 2.1, and 2.2 allow remote attackers to include arbitrary files via the 1 getdate and possibly other parameters used in the replacefiles function in search.php and 2 $file variable as used in the parse function in...
Directory traversal
Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, 2.1, and 2.2 allow remote attackers to include arbitrary files via the 1 getdate and possibly other parameters used in the replacefiles function in search.php and 2 $file variable as used in the parse function in...
CVE-2006-0648
PHP iCalendar 2.0.1, 2.1, and 2.2 contain directory traversal/remote file inclusion vulnerabilities. The issues arise from input validation failures in search.php (getdate) and template.php (file) that allow an attacker to include arbitrary files and, if PHP register_globals is enabled, may enabl...
[eVuln] PHP iCalendar File Inclusion Vulnerability
New eVuln Advisory: PHP iCalendar File Inclusion Vulnerability http://evuln.com/vulns/70/summary.html --------------------Summary---------------- eVuln ID: EV0070 Software: PHP iCalendar Sowtware's Web Site: http://phpicalendar.net/ Versions: 2.0.1 2.1 2.2 Critical Level: Dangerous Type: File...
PHP iCalendar Multiple Script Remote File Inclusion
The remote host appears to be running PHP iCalendar, a web-based iCal file viewer / parser written in PHP. The installed version of PHP iCalendar fails to validate user input to the 'getdate' parameter of the 'search.php' script as well as the 'file' parameter of 'template.php' script. Provided...
PHP iCalendar Cross Site Scripting
PHP iCalendar CSS Name Cross-Site-Scripting Vulnerabilities in PHP iCalendar Systems Affected PHP iCalendar 2.0a2, 2.0b, 2.0c, 2.0.1 Severity Medium Risk Vendor http://www.phpicalendar.net Advisory http://www.ush.it/2005/10/25/php-icalendar-css/ Additional it...
PHP iCalendar index.php phpicalendar Parameter Remote File Inclusion
The remote host appears to be running PHP iCalendar, a web-based iCal file viewer / parser written in PHP. The version of PHP iCalendar installed on the remote host fails to sanitize the 'phpicalendar' cookie before using it in 'index.php' to include PHP code from a separate file. By leveraging...
[Full-disclosure] PHP iCalendar CSS
PHP iCalendar CSS Name Cross-Site-Scripting Vulnerabilities in PHP iCalendar Systems Affected PHP iCalendar 2.0a2, 2.0b, 2.0c, 2.0.1 Severity Medium Risk Vendor http://www.phpicalendar.net Advisory http://www.ush.it/2005/10/25/php-icalendar-css/ Additional it...