Title: Mike Spice My Calendar Input Validation Vulnerability
Severity: HIGH
Description:
My Calendar is a web calendar program maintained by Mike Spice.
It may be possible in possible to overwrite system files that are webserver writeable with custom data.
This is due to multiple input validation vulnerabilities in the Calendar package when the CGI variables are passed to the perl open() function. In these
conditions, attackers may be able to use directory traversal '../' character sequences and NULL bytes to specify any file and path on the filesystem.
Affected Products:
- Mike Spice My Calendar 1.0.0
- Mike Spice My Calendar 1.1.0
- Mike Spice My Calendar 1.2.0
- Mike Spice My Calendar 1.3.0
- Mike Spice My Calendar 1.4.0
References:
- Mike Spice: Mike Spice's Product Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
