Last Updated: 2005-09-13 01:55:25 UTC
by Kevin Hong (Version: 1)
We have had reports submitted that web servers running WebCalendar 0.9.x or WebCalendar 1.x are being exploited. Currently some of defacer/cracker starts using WebCalendar php remote injection vulnerability. They are using when defacing web site, uploading Trojan and others. I saw some of defacer group use this kind of method then uploading Trojan which steal bank id/pw from user?s system.
Official WebCalendar releases can be obtained from the SourceForge development server. The latest version is 1.0.1, please update to latest version.
Secunia Vulnerability description - WebCalendar "includedir" Atbitrary File Inclusion Vulnerability
SecurityFocus Vulnerability description - WebCalendar Send_Reminders.PHP Remote File Include Vulnerability
Handler On Duty