---------------------------------------------------------------------------
   PostCalendar Security Advisory PCSA 2004-1
   Author: Andreas Krapohl
   Date: January 3rd, 2004
   Website: http://noc.postnuke.com/projects/postcalendar
   ---------------------------------------------------------------------------
   VULNERABILITY
   SQL injection and various missing input validations
   [read extended text for more information]

   RELEVANT RELEASES
   4.0.0

   DESCRIPTION
   PostCalendar is an online events calendar. Allowing for one time or
   recurring events and calendar sharing with multiple categories and
   PostNuke topics integration.
   Vulnerable versions can be exploited through SQL injection within the
   search function.

   SOLUTION
   It is recommended that all admins upgrade their sites to v4.0.1 or
   apply the latest security fix package for v4.0.1 available right now
   from the locations listed below.

   REFERENCES
   No references are currently available on the net.

   UPDATED PACKAGES
   1. PostCalendar 4.0.1 Fullpackage (.zip format)
   http://noc.postnuke.com/download.php/243/postcalendar-4.0.1.zip
   MD5 checksum: 85f28144f36b1487366f654f4f800830
   2. PostCalendar 4.0.1 fixed files only (.zip format)
   http://noc.postnuke.com/download.php/244/postcalendar-4.0.1-fixpackage.zip
   MD5 checksum: 4b5fd57053c8577eeefef50cd1d19279

   ADDITIONAL INSTRUCTIONS
   Just replace the files contained in this patch into your PostCalendar
   directory to have your PC patched. Remember that a backup/dump is
   always a good idea prior to any update.

   CREDITS
   This exploit has been originally found by Klavs Klavsen and the
   Security Forum Denmark (sikkerhedsforum.dk) and has been reported on
   2003-12-10.