Re: Multiple Vulnerabilities in phpScheduleIt

[Nick Korbel <nkorbel@xxxxxxxxxxx>]

In-Reply-To: <20040831195301.5769.qmail@xxxxxxxxxxxxxxxxxxxxx>

This vulnerability has been fixed in version 1.0.0.  Please download and 
upgrade 
http://sourceforge.net/project/showfiles.php?group_id=95547&package_id=101920&release_id=267509

>--------------------------------------------------------------------------- 
>              Multiple Vulnerabilities in phpScheduleIt 
>--------------------------------------------------------------------------- 
> 
>Author: Joxean Koret 
>Date: 2004  
>Location: Basque Country 
> 
>--------------------------------------------------------------------------- 
> 
>Affected software description: 
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
> 
>phpScheduleIt 1.0.0 RC1 
> 
>phpScheduleIt is a web application that attempts 
>to solve the problem of  
>scheduling and managing resource utilization. It 
>provides a permissions-based  
>calendar that allows users to self-register and 
>reserve resources and the  
>tools to manage those reservations. 
> 
>Some typical applications are conference room, 
>equipment, or work shift scheduling. 
> 
>Web : http://www.php.brickhost.com/ 
> 
>--------------------------------------------------------------------------- 
> 
>Vulnerabilities: 
>~~~~~~~~~~~~~~~~ 
> 
>A. Multiple Cross Site Scripting Vulnerabilities 

>B. Privilege Excalation Vulnerabilities