Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> CGI abuses >> WebCalendar assistant_edit.php Unauthorized Access Vulnerability


Vulnerability Assessment Details

WebCalendar assistant_edit.php Unauthorized Access Vulnerability

Vulnerability Assessment Summary
Checks for assistant_edit.php unauthorized access vulnerability in WebCalendar

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote web server has a PHP script that permits unauthorized
access.

Description :

The remote version of WebCalendar fails to restrict access to the
script 'assistant_edit.php'. A possible hacker can use this script to
change assistants and to display all users in the system even when the
'Public access can view other users' setting has been disabled.

See also :

http://sourceforge.net/project/shownotes.php?release_id=328057

Solution :

Upgrade to WebCalendar 1.0.0 or newer.

Network Security Threat Level:

Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)

Networks Security ID: 14072

Vulnerability Assessment Copyright: This script is Copyright (C) 2005-2006 Tenable Network Security

Cables, Connectors


Fanxiang 4TB 2TB 1TB SSD 550MB/s 2.5'' SATA III Internal Solid State Drive lot picture

Fanxiang 4TB 2TB 1TB SSD 550MB/s 2.5'' SATA III Internal Solid State Drive lot

$188.99



New SSD 870 EVO SATA III SSD 1TB 2.5'' Solid State Drive Upgrade PC Laptop 4TB picture

New SSD 870 EVO SATA III SSD 1TB 2.5'' Solid State Drive Upgrade PC Laptop 4TB

$59.99



Fanxiang SSD 4TB 2TB 1TB 512GB SATA SSD 2.5'' III Internal Solid State Drive lot picture

Fanxiang SSD 4TB 2TB 1TB 512GB SATA SSD 2.5'' III Internal Solid State Drive lot

$108.29



4tb Ssd 870evo Internal Solid State Drive Hard Disk 2.5 Inch Sata SSD For Laptop picture

4tb Ssd 870evo Internal Solid State Drive Hard Disk 2.5 Inch Sata SSD For Laptop

$50.15



Patriot P210 128GB 256GB 512GB 1TB 2TB 2.5

Patriot P210 128GB 256GB 512GB 1TB 2TB 2.5" SATA 3 6GB/s Internal SSD PC/MAC Lot

$13.99



MZ7LM1T9HMJP Samsung PM863a 1.92TB SATA 6Gbps 2.5'' SSD Solid State Drive  picture

MZ7LM1T9HMJP Samsung PM863a 1.92TB SATA 6Gbps 2.5'' SSD Solid State Drive

$54.99



WD BLUE 3D NAND 250GB 2.5

WD BLUE 3D NAND 250GB 2.5" SATA Laptop SSD Solid State Tested,Wiped -WDS250G2B0A

$16.99



Crucial M500 480GB SED MLC 2.5

Crucial M500 480GB SED MLC 2.5" 6Gbps SATA Drive CT480M500SSD1 - PRICE PER UNIT

$24.99



Netac 2TB 1TB 512GB 240GB Internal SSD 2.5'' SATAIII 6Gb/s Solid State Drive lot picture

Netac 2TB 1TB 512GB 240GB Internal SSD 2.5'' SATAIII 6Gb/s Solid State Drive lot

$118.99



Netac 1TB 2TB 512GB Internal SSD 2.5'' SATA III 6Gb/s Solid State Drive lot picture

Netac 1TB 2TB 512GB Internal SSD 2.5'' SATA III 6Gb/s Solid State Drive lot

$119.99



Discussions

No Discussions have been posted on this vulnerability.