CVE-2006-1537 Information

Description

Craig Knudsen WebCalendar 1.1.0-CVS allows remote attackers to obtain sensitive information via a direct request to (1) includes/index.php, (2) tests/add_duration_test.php, (3) tests/all_tests.php, (4) groups.php, (5) nonusers.php, (6) includes/settings.php, (7) includes/init.php, (8) includes/settings.php.orig, (9) includes/js/admin.php, (10) includes/js/edit_entry.php, (11) includes/js/edit_layer.php, (12) includes/js/export_import.php, (13) includes/js/popups.php, (14) includes/js/pref.php, or (15) includes/menu/index.php, which reveal the path in various error messages.

Reference

http://securityreason.com/securityalert/651
http://www.osvdb.org/24522
http://www.osvdb.org/24523
http://www.osvdb.org/24524
http://www.osvdb.org/24525
http://www.osvdb.org/24526
http://www.osvdb.org/24527
http://www.osvdb.org/24528
http://www.osvdb.org/24529
http://www.osvdb.org/24530
http://www.osvdb.org/24531
http://www.osvdb.org/24532
http://www.osvdb.org/24533
http://www.osvdb.org/24534
http://www.osvdb.org/24535
http://www.osvdb.org/24536
http://www.securityfocus.com/archive/1/429267/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/25539
