CVE-2006-6824
CVE-2006-6824
Multiple cross-site scripting (XSS) vulnerabilities in Jim Hu and Chad Little PHP iCalendar 2.23 rc1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) getdate parameter in (a) day.php, (b) month.php, (c) year.php, (d) week.php, (e) search.php, (f) rss/index.php, (g) print.php, and (h) preferences.php; the (2) cpath parameter in (i) day.php, (j) month.php, (k) year.php, (l) week.php, and (m) search.php; the (3) query parameter in search.php; and possibly the cpath, (4) unset, and (5) set parameters in a setcookie action in preferences.php; different vectors than CVE-2006-3319. NOTE: it was later reported that vectors b, c, and d also affect 2.24.
Produtos afetados
n/a · n/aPoCs públicas encontradas — 8
exploitdbwww.exploit-db.com/exploits/29363não verificadoexploitdbwww.exploit-db.com/exploits/29368não verificadoexploitdbwww.exploit-db.com/exploits/29364não verificadoexploitdbwww.exploit-db.com/exploits/29370não verificadoexploitdbwww.exploit-db.com/exploits/29369não verificadoexploitdbwww.exploit-db.com/exploits/29367não verificadoexploitdbwww.exploit-db.com/exploits/29366não verificadoexploitdbwww.exploit-db.com/exploits/29365não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://lostmon.blogspot.com/2006/12/php-icalendar-multiple-variable-cross.htmlhttp://secunia.com/advisories/23499http://securitytracker.com/id?1017449https://exchange.xforce.ibmcloud.com/vulnerabilities/31146http://www.osvdb.org/32493http://www.osvdb.org/32494http://www.osvdb.org/32495http://www.osvdb.org/32496http://www.osvdb.org/32497http://www.osvdb.org/32498http://www.osvdb.org/32499http://www.osvdb.org/32500