Vulnerabilities > Phpicalendar
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-09-24 | CVE-2011-3780 | Information Exposure vulnerability in PHPicalendar PHP Icalendar 2.4 PHP iCalendar 2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by rss/rss_common.php and certain other files. | 5.0 |
2009-01-26 | CVE-2008-5968 | Path Traversal vulnerability in PHPicalendar Directory traversal vulnerability in print.php in PHP iCalendar 2.24 and earlier allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2009-01-26 | CVE-2008-5967 | Improper Authentication vulnerability in PHPicalendar admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not require administrative authentication for an addupdate action, which allows remote attackers to upload a calendar (aka .ics) file with arbitrary content to the calendars/ directory outside the web root. | 7.5 |
2009-01-05 | CVE-2008-5840 | Permissions, Privileges, and Access Controls vulnerability in PHPicalendar and PHPicalendar2.0 PHP iCalendar 2.24 and earlier allows remote attackers to bypass authentication by setting the phpicalendar and phpicalendar_login cookies to 1. | 7.5 |