VID |
21918 |
Severity |
40 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
Calendarix is a web-based calendar application written in PHP. Calendarix Advanced versions 1.5 and earlier contain multiple vulnerabilities that a remote attacker can exploit to carry out cross-site scripting, SQL injection, and remote PHP file include attacks. A remote attacker who successfully exploits the most severe of these vulnerabilities could execute arbitrary system commands on the vulnerable system.
* References:
  http://www.swp-scene.org/?q=node/62
  http://archives.neohapsis.com/archives/bugtraq/2005-05/0356.html
  http://www.osvdb.org/16971
  http://www.osvdb.org/16972
  http://www.osvdb.org/16973
  http://www.osvdb.org/16974
  http://www.osvdb.org/16975
  http://securitytracker.com/alerts/2005/May/1014083.html
  http://secunia.com/advisories/15569
* Platforms Affected: Vincent Hor, Calendarix Advanced version 1.5 and earlier versions; Any operating system, Any version |
Recommendation |
Upgrade to the latest version of Calendarix Advanced (1.6.20060126 or later), available from the Calendarix Web site at http://www.calendarix.com/download_advanced.php |
Related URL |
CVE-2005-1864,CVE-2005-1865,CVE-2005-1866 (CVE) |
Related URL |
13825,13826 (SecurityFocus) |
Related URL |
20827 (ISS) |