CVE-2005-3949 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2005-3949
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2005-3949

Description: Multiple SQL injection vulnerabilities in WebCalendar 1.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) startid parameter to activity_log.php, (2) startid parameter to admin_handler.php, (3) template parameter to edit_template.php, and (4) multiple parameters to export_handler.php.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/23369 SREASON http://securityreason.com/securityalert/215 SAID Secunia Advisory: SA17784 Secunia Advisory: SA19240 OSVDB 21216 21217 21218 21219 MISC http://www.ush.it/2005/11/28/webcalendar-multiple-vulnerabilities DEBIAN http://www.debian.org/security/2006/dsa-1002 CONFIRM http://sourceforge.net/forum/forum.php?thread_id=1392833&forum_id=11587 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/418286/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/417900/100/0/threaded BID 15608 15606 15662

Return to the previous page.