We have had reports submitted that web servers running WebCalendar 0.9.x or WebCalendar 1.x are being exploited. Currently some of defacer/cracker starts using WebCalendar php remote injection vulnerability. They are using when defacing web site, uploading Trojan and others. I saw some of defacer group use this kind of method then uploading Trojan which steal bank id/pw from user?s system. Official WebCalendar releases can be obtained from the SourceForge development server. The latest version is 1.0.1, please update to latest version. Secunia Vulnerability description - WebCalendar "includedir" Atbitrary File Inclusion Vulnerability SecurityFocus Vulnerability description - WebCalendar Send_Reminders.PHP Remote File Include Vulnerability Kevin Hong Handler On Duty |
Kevin 32 Posts Sep 13th 2005 |
Thread locked Subscribe |
Sep 13th 2005 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!