Hi PacketStormSecurity.org,

I'm reporting a vulnerability of type XSS in Helios Calendar. Thank you for everything.

+==============================================================================+
+      Helios Calendar <=1.2.1 Beta (XSS) Multiple Remote Vulnerabilities      +
+==============================================================================+


Author(s): Ivan Sanchez  &  Maximiliano Soler.

Product: Helios Calendar.

Vendor: Refresh Web Development, LLC.

Description: Helios Calendar is a professional event management and publishing
platform. More than just a simple web calendar, Helios Calendar offers many
powerful tools to help you organize and promote your events online.

Web: http://www.helioscalendar.com/

Versions: 1.2.1 Beta and earlier

Date: 02/11/2007




GOOGLE DORKS:
------------
[x] intext:"Helios Calendar" + intext:"Refresh Web Development"
[x] intitle:"Helios Calendar"


EXPLOIT:
--------

For example, in the value of the "username" variable:

http://www.[DOMAIN].tld/calendar/admin/index.php?msg=1&username=[XSS]
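
To check whether this parameter has been probed on a deployed instance, the added example below (not part of the original advisory and not Helios Calendar code) scans web server access logs for requests to admin/index.php whose "username" value decodes to HTML metacharacters. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Path and parameter name come from the advisory; the rest is assumed.
ADMIN_PATH = re.compile(r"/admin/index\.php$", re.IGNORECASE)
# Characters that let a reflected value break out of HTML text or an attribute.
MARKUP = re.compile(r"[<>\"'`]")
# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is also inspected."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_usernames(log_lines):
    """Return (line_number, decoded_username) for admin login requests whose
    username parameter carries HTML metacharacters."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not ADMIN_PATH.search(url.path):
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get("username", []):
            value = fully_decode(raw)
            if MARKUP.search(value):
                hits.append((number, value))
    return hits

# Constructed sample lines (not real traffic); the marker is inert markup.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /calendar/admin/index.php?msg=1&username=alice HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2024:10:00:07 +0000] "GET /calendar/admin/index.php?msg=1&username=%22%3E%3Cb%3Eprobe HTTP/1.1" 200 540',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /calendar/admin/index.php?msg=1&username=%2522%253Cb%253E HTTP/1.1" 200 540',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /calendar/index.php?username=%3Cb%3E HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for number, value in suspicious_usernames(SAMPLE_LOG):
        print(f"line {number}: username={value!r}")
```

A hit only shows that markup was sent to the parameter; whether it was reflected unescaped depends on the installed version.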




NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!

-- 
     Maximiliano Soler.
  Reports & Review Code.

    Null Code Services.
    www.nullcode.com.ar
