Directory traversal vulnerability in Mike Spice My Calendar before 1.5 allows remote attackers to write arbitrary files via .. (dot dot) sequences in a URL.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| My_calendar | Mike_spice | 1.0 (including) | 1.0 (including) |
| My_calendar | Mike_spice | 1.1 (including) | 1.1 (including) |
| My_calendar | Mike_spice | 1.2 (including) | 1.2 (including) |
| My_calendar | Mike_spice | 1.3 (including) | 1.3 (including) |
| My_calendar | Mike_spice | 1.4 (including) | 1.4 (including) |
References
- http://securitytracker.com/id?1003256
- http://www.kb.cert.org/vuls/id/806091
- http://www.securityfocus.com/bid/3856
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7966
- http://securitytracker.com/id?1003256
- http://www.kb.cert.org/vuls/id/806091
- http://www.securityfocus.com/bid/3856
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7966