Network Security News Monitor - Friday, April 21, 2006 Events

TotalCalendar auth.php inc_dir Variable Remote File Inclusion

TotalCalendar contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the auth.php script not properly sanitizing user input supplied to the 'inc_dir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more.

TotalCalendar about.php inc_dir Variable Remote File Inclusion

TotalCalendar contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the about.php script not properly sanitizing user input supplied to the 'inc_dir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more.

myEvent viewevent.php myevent_path Variable Remote File Inclusion

myEvent contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to viewevent.php not properly sanitizing user input supplied to the 'myevent_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more.