Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2832

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-2832
Last Modified 14 Apr 2009 01:32:48
Published 24 Jun 2008 03:41:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2832

Summary

Unrestricted file upload vulnerability in calendar_admin.asp in Full Revolution aspWebCalendar 2008 allows remote attackers to upload and execute arbitrary code via the FILE1 parameter in an uploadfileprocess action, probably followed by a direct request to the file in calendar/eventimages/.

Vulnerable Systems

Application

  • Fullrevolution Aspwebcalendar2008


References

XF - aspwebcalendar-calendaradmin-file-upload(43201)

BID - 29795

MILW0RM - 5850

MISC - http://downloads.securityfocus.com/vulnerabilities/exploits/29795.html


Last Updated: 27 May 2016 10:48:00