Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: WebCalendar Exploitation - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
WebCalendar Exploitation

We have had reports submitted that web servers running WebCalendar 0.9.x or WebCalendar 1.x are being exploited. Currently some of defacer/cracker starts using WebCalendar php remote injection vulnerability. They are using when defacing web site, uploading Trojan and others. I saw some of defacer group use this kind of method then uploading Trojan which steal bank id/pw from user?s system.


Official WebCalendar releases can be obtained from the SourceForge  development server. The latest version is 1.0.1, please update to latest version.

Secunia Vulnerability description - WebCalendar "includedir" Atbitrary File Inclusion Vulnerability
SecurityFocus Vulnerability description - WebCalendar Send_Reminders.PHP Remote File Include Vulnerability

Kevin Hong
Handler On Duty

Kevin

32 Posts

Sign Up for Free or Log In to start participating in the conversation!