Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2006-1292
Last Modified: 07 Mar 2011 09:32:43
Published: 19 Mar 2006 06:02:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2006-1292

Summary

Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.

Vulnerable Systems

Application

  • PHP iCalendar 2.0
  • PHP iCalendar 2.0.1
  • PHP iCalendar 2.0a2
  • PHP iCalendar 2.0b
  • PHP iCalendar 2.0c
  • PHP iCalendar 2.1
  • PHP iCalendar 2.2.1


References

VUPEN - ADV-2006-1019

MILW0RM - 1585

BID - 17125

SECUNIA - 19285


Last Updated: 27 May 2016 10:42:00