We have had reports submitted that web servers running WebCalendar 0.9.x or WebCalendar 1.x are being exploited. Currently some of defacer/cracker starts using WebCalendar php remote injection vulnerability. They are using when defacing web site, uploading Trojan and others. I saw some of defacer group use this kind of method then uploading Trojan which steal bank id/pw from user?s system.
Official WebCalendar releases can be obtained from the SourceForge development server. The latest version is 1.0.1, please update to latest version.
Secunia Vulnerability description - WebCalendar "includedir" Atbitrary File Inclusion Vulnerability
SecurityFocus Vulnerability description - WebCalendar Send_Reminders.PHP Remote File Include Vulnerability
Handler On Duty
Sep 13th 2005
1 decade ago