CVE-2005-2461 Information

Description

Multiple SQL injection vulnerabilities in the calendar feature in Kayako liveResponse 2.x allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) date parameter.

Reference

http://marc.info/?l=bugtraq&m=112274359718863&w=2 http://secunia.com/advisories/16286 http://www.gulftech.org/?node=research&article_id=00092-07302005 http://www.osvdb.org/18396 http://www.securityfocus.com/bid/14425