Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: PHP :: b06-4687.htm

PHP Event Calendar Multiple Parameter Cross Site Scripting Vulnerability



PHP Event Calendar Multiple Parameter Cross Site Scripting Vulnerability
PHP Event Calendar Multiple Parameter Cross Site Scripting Vulnerability



------=_Part_308481_9511085.1158125265317
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Multiple Cross Site Scripting Vulnerabilities were identified in
SoftComplex Inc. 's PHP Event Calendar, a reusable PHP script that
extends a web site's functionality with an event scheduler or news
archive.
http://www.softcomplex.com/products/php_event_calendar/ 

Attached is the advisory which details the vulnerability.

Thanks,
OS2A

------=_Part_308481_9511085.1158125265317
Content-Type: text/plain; name=os2a_1007.txt; charset=ANSI_X3.4-1968
Content-Transfer-Encoding: base64
X-Attachment-Id: f_es19m79h
Content-Disposition: attachment; filename="os2a_1007.txt"

UEhQIEV2ZW50IENhbGVuZGFyIE11bHRpcGxlIFBhcmFtZXRlciBDcm9zcyBTaXRlIFNjcmlwdGlu
ZyBWdWxuZXJhYmlsaXR5CgoKT1MyQSBJRDogT1MyQV8xMDA3CQkJU3RhdHVzOgoJCQkJCTA4LzIw
LzIwMDYJSXNzdWUgRGlzY292ZXJlZAoJCQkJCTA5LzA2LzIwMDYJUmVwb3J0ZWQgdG8gdGhlIFZl
bmRvcgoJCQkJCTA5LzA5LzIwMDYgICAgICBGaXhlZCBieSBWZW5kb3IKCQkJCQkwOS8xMy8yMDA2
CUFkdmlzb3J5IFJlbGVhc2VkCgkJCQkJCgpDbGFzczogQ3Jvc3MgU2l0ZSBTY3JpcHRpbmcJCVNl
dmVyaXR5OiBMb3cKCgpPdmVydmlldzoKLS0tLS0tLS0tClBIUCBFdmVudCBDYWxlbmRhciBpcyBh
IHJldXNhYmxlIFBIUCBzY3JpcHQgdGhhdCBleHRlbmRzIGEgd2ViIHNpdGUncwpmdW5jdGlvbmFs
aXR5IHdpdGggYW4gZXZlbnQgc2NoZWR1bGVyIGFuZC9vciBuZXdzIGFyY2hpdmUuCmh0dHA6Ly93
d3cuc29mdGNvbXBsZXguY29tL3Byb2R1Y3RzL3BocF9ldmVudF9jYWxlbmRhci8KCkRlc2NyaXB0
aW9uOgotLS0tLS0tLS0tLS0KQSBjcm9zcy1zaXRlIHNjcmlwdGluZyB2dWxuZXJhYmlsaXR5IGV4
aXN0cyBpbiBQSFAgRXZlbnQgQ2FsZW5kYXIsIGR1ZSB0byBpbnB1dAp2YWxpZGF0aW9uIGVycm9y
IGluIHBhcmFtZXRlcnMgdGlsdGUodGkpLCBib2R5KGJpKSBhbmQgYmFja2dyb3VuZyBJbWFnZShj
YmdpKQppbiBjbF9maWxlcy9pbmRleC5waHAgcGFnZSB3aGVuIGFkZGluZyBhIG5ldyBldmVudC4K
ClN1Y2Nlc3NmdWwgZXhwbG9pdGF0aW9uIHJlcXVpcmVzIGF1dGhlbnRpY2F0aW9uLgoKSW1wYWN0
OgotLS0tLS0tCkFuIGF1dGhlbnRpY2F0ZWQgcmVtb3RlIGF0dGFja2VyIGNvdWxkIGluamVjdCBt
YWxpY2lvdXMgSFRNTCBhbmQgc2NyaXB0IGNvZGUgaW4Kb3RoZXIgdXNlcidzIGJyb3dzZXIgc2Vz
c2lvbiB3aXRoaW4gdGhlIHNlY3VyaXR5IGNvbnRleHQgb2YgdGhlIGFmZmVjdGVkIHNpdGUuCgpB
ZmZlY3RlZCBTb2Z0d2FyZShzKToKLS0tLS0tLS0tLS0tLS0tLS0tLS0tClBIUCBFdmVudCBDYWxl
bmRhciAxLjUuMSAocHJpb3IgdmVyc2lvbnMgbWF5IGFsc28gYmUgdnVsbmVyYWJsZSkKClByb29m
IG9mIENvbmNlcHQ6Ci0tLS0tLS0tLS0tLS0tLS0tCmh0dHA6Ly93d3cueW91cnNpdGUuY29tL2Rp
cmVjdG9yeV93aGVyZV95b3VfaW5zdGFsbGVkX3BocF9ldmVudF9jYWxlbmRhci9jbF9maWxlcy9p
bmRleC5waHAKVnVsbmVyYWJsZSBmaWVsZHM6IHRpdGxlIGZpZWxkICAgICAgIC0gdGkKCQkgICBi
b2R5IGZpZWxkICAgICAgICAtIGJpCgkJICAgQmFja2dyb3VuZyBJbWFnZSAgLSBjYmdpIAoKSW5z
ZXJ0ICI8c2NyaXB0PmFsZXJ0KCdYU1MgVnVsbmVyYWJsZScpOzwvc2NyaXB0PiIgaW4gYWJvdmUg
ZmllbGQgYW5kIGNsaWNrCiJBZGQgZXZlbnQiLgoKQ1ZTUyBTY29yZSBSZXBvcnQ6Ci0tLS0tLS0t
LS0tLS0tLS0tCiAgICBBQ0NFU1NfVkVDVE9SICAgICAgICAgID0gUkVNT1RFCiAgICBBQ0NFU1Nf
Q09NUExFWElUWSAgICAgID0gTE9XCiAgICBBVVRIRU5USUNBVElPTiAgICAgICAgID0gUkVRVUlS
RUQKICAgIENPTkZJREVOVElBTElUWV9JTVBBQ1QgPSBOT05FCiAgICBJTlRFR1JJVFlfSU1QQUNU
ICAgICAgID0gUEFSVElBTAogICAgQVZBSUxBQklMSVRZX0lNUEFDVCAgICA9IE5PTkUKICAgIElN
UEFDVF9CSUFTICAgICAgICAgICAgPSBJTlRFR1JJVFkKICAgIEVYUExPSVRBQklMSVRZICAgICAg
ICAgPSBQUk9PRl9PRl9DT05DRVBUCiAgICBSRU1FRElBVElPTl9MRVZFTCAgICAgID0gT0ZGSUNJ
QUxfRklYCiAgICBSRVBPUlRfQ09ORklERU5DRSAgICAgID0gQ09ORklSTUVECiAgICBDVlNTIEJh
c2UgU2NvcmUgICAgICAgID0gMi4xIChBVjpSL0FDOkwvQXU6Ui9DOk4vSTpQL0E6Ti9COkkpCiAg
ICBDVlNTIFRlbXBvcmFsIFNjb3JlICAgID0gMS42CiAgICBSaXNrIGZhY3RvciAgICAgICAgICAg
ID0gTG93CgoKVmVuZG9yIFJlc3BvbnNlOgotLS0tLS0tLS0tLS0tLS0KIkF0dGFjaGVkIGlzIHRo
ZSB2ZXJzaW9uIHRoYXQgYmxvY2tzIHRoZSB1c2Ugb2YgdGhlIDxzY3JpcHQ+IGluIHRoZQp0ZXh0
IG9mIHRoZSBldmVudC4gV2UgY2FuJ3QgYmxvY2sgdXNlIG9mIEhUTUwgY29tcGxldGVseSBiZWNh
dXNlIG1hbnkKdXNlcnMgd2FudCB0byBiZSBhYmxlIHRvIHVzZSBIVE1MIGZvciB0aGUgZXZlbnQg
ZGVzY3JpcHRpb25zLiBUaGUKZXZlbnRzIGFyZSBtYW5hZ2VkIGluIHRoZSBwYXNzd29yZCBwcm90
ZWN0ZWQgY29udHJvbCBwYW5lbCBzbyB0aGVyZQp3YXMgbm8gc2VjdXJpdHkgdGhyZWF0IGV2ZW4g
YmVmb3JlIHRoZSBjaGFuZ2Ugd2FzIGFwcGxpZWQuIgoKClNvbHV0aW9uOgotLS0tLS0tLS0KClVw
ZGF0ZSB0byB0aGUgZml4ZWQgdmVyc2lvbiwKaHR0cDovL3d3dy5zb2Z0Y29tcGxleC5jb20vcHJv
ZHVjdHMvcGhwX2V2ZW50X2NhbGVuZGFyLwoKQ3JlZGl0czoKLS0tLS0tLS0KTlIgTmFuZGluaSBv
ZiBPUzJBIGhhcyBiZWVuIGNyZWRpdGVkIHdpdGggdGhlIGRpc2NvdmVyeSBvZiB0aGlzIHZ1bG5l
cmFiaWxpdHkuCg=------=_Part_308481_9511085.1158125265317--


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH