NASLDB: aspWebCalendar calendar.asp SQL Injection
General
ID: 14816
Name: aspWebCalendar calendar.asp SQL Injection
Summary: SQL Injection
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS Temporal Vector: CVSS2#E:H/RL:U/RC:ND
Port: 80
Family: CGI abuses
Type: Remote
Description
The remote host appears to be running aspWebCalendar, an ASP script
designed to faciliate the integration of multiple calendars in a web-
based application.
There is a flaw in the remote software that could allow anyone
to inject arbitrary SQL commands, which may in turn be used to
gain administrative access on the remote host.
Exploiting
Exploit Available: True
Exploitability Ease: No exploit is required
Sources
CVE: CVE-2004-1552
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: 2004/09/23
Patch Release: –
Plugin Release: 2004/09/24
Plugin
Version: 1.18
Filename: aspWebCalendar_sql.nasl
Filesize: 2885 bytes
MD5 Hash: 44aed0a8aaa11712078c90395d52148c
Identification: –
Require Keys: www/ASP
Dependencies: "find_service1.nasl", "http_version.nasl"
Copyright: This script is Copyright© 2004-2012 Tenable Network Security, Inc.
- Latest Plugins
- USN-1611-1 : thunderbird vulnerabilities
- USN-1610-1 : linux vulnerability
- USN-1609-1 : linux-ti-omap4 vulnerability
- SuSE 10 Security Update : PostgreSQL
- RHSA-2012-1364: bind97
- RHSA-2012-1363: bind
- RHSA-2012-1362: thunderbird
- RHSA-2012-1361: xulrunner
- Mandriva Linux Security Advisory : graphicsmagick
- FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack