CVE

Id
32949  
CVE No.
CVE-2008-2832  
Status
Candidate  
Description
Unrestricted file upload vulnerability in calendar_admin.asp in Full Revolution aspWebCalendar 2008 allows remote attackers to upload and execute arbitrary code via the FILE1 parameter in an uploadfileprocess action, probably followed by a direct request to the file in calendar/eventimages/.  
Phase
Assigned (20080624)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
357900 32949 CVE-2008-2832 MILW0RM:5850  View
357901 32949 CVE-2008-2832 URL:http://www.milw0rm.com/exploits/5850  View
357902 32949 CVE-2008-2832 MISC:http://downloads.securityfocus.com/vulnerabilities/exploits/29795.html  View
357903 32949 CVE-2008-2832 BID:29795  View
357904 32949 CVE-2008-2832 URL:http://www.securityfocus.com/bid/29795  View
357905 32949 CVE-2008-2832 XF:aspwebcalendar-calendaradmin-file-upload(43201)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
49259 JVNDB-2008-004569 WebCalendar の send_reminders.php における PHP リモートファイルインクルージョンの脆弱性 WebCalendar の send_reminders.php には、PHP リモートファイルインクルージョンの脆弱性が存在します。 CVE-2008-2836 32949 7.5 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-004569.html  View