Category:   Application (Calendar)  >   ASP Inline Corporate Calendar
Vendors:
ASP Inline Corporate Calendar Lets Remote Users Inject SQL Commands
SecurityTracker Alert ID:  1013884
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH
Updated:  Jun 27 2005
Original Entry Date:  May 4 2005
Impact:   Disclosure of system information, Disclosure of user information, User access via network
Exploit Included:  Yes  

Description:   Zinho reported an input validation vulnerability in ASP Inline Corporate Calendar. A remote user can inject SQL commands.

The 'defer.asp' and 'details.asp' scripts do not properly validate user-supplied input. A remote user can submit specially crafted parameter values to execute SQL commands on the underlying database.

Some demonstration exploit URLs are provided:



Impact:   A remote user can execute SQL commands on the underlying database.
Solution:   The vendor has issued a fix.
Vendor URL:
Cause:   Input validation error
Underlying OS:  Windows (Any)
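
For operators checking whether the two scripts named in the Description were probed, the following triage script is an added example, not part of the original advisory or the vendor's fix. It reads IIS W3C-format log lines and flags requests to 'defer.asp' or 'details.asp' whose decoded query values contain SQL metacharacters or statement keywords. The `/calendar/` path, the `id` parameter name, the addresses and the log lines are constructed assumptions, since the advisory does not give them.

```python
import re
from urllib.parse import parse_qsl

# Scripts named in the advisory.
AFFECTED = ("/defer.asp", "/details.asp")
# Quote, statement separator, comment markers and statement keywords.
SUSPICIOUS = re.compile(
    r"""['";]|--|/\*|\b(?:union|select|insert|update|delete|drop|exec)\b""",
    re.IGNORECASE)

# Constructed sample log: the path, the "id" parameter and the addresses
# are hypothetical and do not come from the advisory.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2005-05-04 10:00:01 GET /calendar/details.asp id=12 192.0.2.10 200
2005-05-04 10:00:07 GET /calendar/details.asp id=12%27 192.0.2.44 500
2005-05-04 10:00:09 GET /calendar/defer.asp id=3+union+select+1 192.0.2.44 200
2005-05-04 10:00:12 GET /calendar/default.asp view=month 192.0.2.10 200
""".splitlines()

def scan(lines):
    """Return (client_ip, uri_stem, param, decoded_value) per suspicious hit."""
    fields, hits = [], []
    for line in lines:
        if line.startswith("#Fields:"):
            # Column order varies per server, so take it from the directive.
            fields = line.split()[1:]
            continue
        if line.startswith("#") or not line.strip() or not fields:
            continue
        row = dict(zip(fields, line.split()))
        stem = row.get("cs-uri-stem", "").lower()
        query = row.get("cs-uri-query", "-")
        if not stem.endswith(AFFECTED) or query == "-":
            continue
        # parse_qsl percent-decodes names and values before matching.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if SUSPICIOUS.search(name) or SUSPICIOUS.search(value):
                hits.append((row.get("c-ip", "?"), stem, name, value))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit is a lead for review rather than proof of compromise; the 500 status on a flagged request is worth correlating with database error logs.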

Message History:   None.

 Source Message Contents

Subject:  [HSC Security Group] ASP Inline Corporate Calendar SQL injection

Hackers Center Security Group (        
Zinho's Security Advisory         

Desc: SQL injection : ASP Inline Corporate Calendar
Risk: Medium

The Corporate Calendar is a nice ASP script to manage a calendar shared by users. It 
has been downloaded by thousands of people, and it is considered one of the most 
successful ASP scripts at

Multiple SQL injections affect ASP Inline Corporate Calendar:



Vendor was contacted 10 days ago. No one replied.

Zinho is webmaster and founder of ,      
Security research   portal       
Secure Web Hosting Companies Reviewed:      

zinho-no-spam @

Webmaster of
.:[ Hackers Center : Internet Security Portal]:.
