2 matches found
CVE-2008-2215
Project-Based Calendaring System (PBCS) version 0.7.1-1 contains multiple directory traversal vulnerabilities that allow remote attackers to read arbitrary files by supplying a “..” in the filename parameter to src/yopy_sync.php and system-logger/print_logs.php. Root cause: improper handling of r...
CVE-2008-2216
The CVE-2008-2216 entry concerns Project-Based Calendaring System (PBCS) version 0.7.1. The vulnerability is an unrestricted file upload in src/yopy_upload.php, enabling remote authenticated users to upload arbitrary files to the tmp/uploads directory. The underlying issue is a permissive file up...