[36562] in bugtraq
Re: Multiple Vulnerabilities in phpScheduleIt
daemon@ATHENA.MIT.EDU (Nick Korbel)
Sat Sep 18 13:24:41 2004
Date: 17 Sep 2004 22:02:43 -0000
Message-ID: <20040917220243.22231.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Nick Korbel <nkorbel@hotmail.com>
To: bugtraq@securityfocus.com
In-Reply-To: <20040831195301.5769.qmail@www.securityfocus.com>
This vulnerability has been fixed in version 1.0.0. Please download and upgrade http://sourceforge.net/project/showfiles.php?group_id=95547&package_id=101920&release_id=267509
>---------------------------------------------------------------------------
> Multiple Vulnerabilities in phpScheduleIt
>---------------------------------------------------------------------------
>
>Author: Joxean Koret
>Date: 2004
>Location: Basque Country
>
>---------------------------------------------------------------------------
>
>Affected software description:
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>phpScheduleIt 1.0.0 RC1
>
>phpScheduleIt is a web application that attempts
>to solve the problem of
>scheduling and managing resource utilization. It
>provides a permissions-based
>calendar that allows users to self-register and
>reserve resources and the
>tools to manage those reservations.
>
>Some typical applications are conference room,
>equipment, or work shift scheduling.
>
>Web : http://www.php.brickhost.com/
>
>---------------------------------------------------------------------------
>
>Vulnerabilities:
>~~~~~~~~~~~~~~~~
>
>A. Multiple Cross Site Scripting Vulnerabilities
>B. Privilege Excalation Vulnerabilities
