Vulnerabilities > CVE-2005-2320 - Unspecified vulnerability in Webcalendar
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
WebCalendar before 1.0.0 does not properly restrict access to assistant_edit.php, which allows remote attackers to gain privileges.
Vulnerable Configurations
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-766.NASL description A vulnerability has been discovered in webcalendar, a PHP based multi-user calendar, that can lead to the disclosure of sensitive information to unauthorised parties. last seen 2020-06-01 modified 2020-06-02 plugin id 19315 published 2005-07-31 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19315 title Debian DSA-766-1 : webcalendar - authorisation failure NASL family CGI abuses NASL id WEBCALENDAR_ASSISTANT_EDIT.NASL description The remote version of WebCalendar fails to restrict access to the script last seen 2020-06-01 modified 2020-06-02 plugin id 18571 published 2005-06-28 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18571 title WebCalendar assistant_edit.php Unauthorized Access NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_07EAD557A22011DAB410000E0C2E438A.NASL description SecurityFocus reports that WebCalendar is affected by an unauthorized access vulnerability. The vulnerability is caused by improper checking of the authentication mechanism before access is being permitted to the last seen 2020-06-01 modified 2020-06-02 plugin id 21380 published 2006-05-13 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21380 title FreeBSD : WebCalendar -- unauthorized access vulnerability (07ead557-a220-11da-b410-000e0c2e438a)