Vulnerabilities > Vincent HOR
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-06-27 | CVE-2007-3258 | Information Disclosure vulnerability in Vincent HOR Calendarix 0.7.20070307 calendar.php in Calendarix 0.7.20070307 allows remote attackers to obtain sensitive information via large values to the (1) year and (2) month parameters, which causes negative values to be passed to the mktime library call, and reveals the installation path in the error message. | 5.0 |
2007-06-26 | CVE-2007-3259 | Information Disclosure vulnerability in Vincent HOR Calendarix 0.7.20070307 Calendarix 0.7.20070307 allows remote attackers to obtain sensitive information via (1) an invalid month[] parameter to calendar.php, (2) an invalid catview[] parameter to cal_week.php in a week operation, (3) an invalid ycyear[] parameter to yearcal.php, or (4) a direct request to cal_functions.inc.php, which reveals the installation path in various error messages. | 5.0 |
2007-06-26 | CVE-2007-3183 | SQL Injection vulnerability in Vincent HOR Calendarix 0.7.20070307 Multiple SQL injection vulnerabilities in Calendarix 0.7.20070307, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters to calendar.php and the (3) search string to cal_search.php. network vincent-hor | 6.8 |
2007-06-26 | CVE-2007-3182 | Cross-Site Scripting vulnerability in Vincent HOR Calendarix 0.7.20070307 Multiple cross-site scripting (XSS) vulnerabilities in Calendarix 0.7.20070307, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) year and (2) month parameters to calendar.php, and the (3) leftfooter parameter to cal_footer.inc.php. network vincent-hor | 4.3 |
2006-06-19 | CVE-2006-3094 | SQL-Injection vulnerability in Calendarix Basic Multiple SQL injection vulnerabilities in Calendarix Basic 0.7.20060401 and earlier, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) cal_event.php and (2) cal_popup.php. | 5.1 |
2006-04-19 | CVE-2006-1835 | Cross-Site Scripting vulnerability in Calendarix YearCal.PHP Cross-site scripting (XSS) vulnerability in yearcal.php in Calendarix allows remote attackers to inject arbitrary web script or HTML via the ycyear parameter. | 2.6 |
2006-02-01 | CVE-2006-0492 | SQL Injection vulnerability in Vincent HOR Calendarix 0.6.20050830 Multiple SQL injection vulnerabilities in Calendarix allow remote attackers to execute arbitrary SQL commands via (1) the catview parameter in cal_functions.inc.php and (2) the login parameter in cal_login.php. | 7.5 |
2005-06-09 | CVE-2005-1864 | Remote Security vulnerability in Vincent HOR Calendarix Advanced 1.5 PHP remote file inclusion vulnerability in cal_admintop.php in Calendarix Advanced 1.5 allows remote attackers to execute arbitrary PHP code via the calpath parameter. | 5.0 |
2005-05-31 | CVE-2005-1866 | Cross-Site Scripting vulnerability in Vincent HOR Calendarix Advanced 1.5 Cross-site scripting (XSS) vulnerability in calendar.php in Calendarix Advanced 1.5 allows remote attackers to inject arbitrary web script or HTML via the year parameter. network vincent-hor | 4.3 |