Vulnerabilities > Webcalendar > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-12-20 | CVE-2006-6669 | Unspecified vulnerability in Webcalendar 1.0.4: Cross-site scripting (XSS) vulnerability in export_handler.php in WebCalendar 1.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter. | 6.8 |
2006-06-02 | CVE-2006-2762 | Information Disclosure vulnerability in Webcalendar 1.0.3: PHP remote file inclusion vulnerability in includes/config.php in WebCalendar 1.0.3 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter, which is remotely accessed in an fopen call whose results are used to define a user_inc setting that is used in an include_once call. | 6.4 |
2006-05-09 | CVE-2006-2247 | Unspecified vulnerability in Webcalendar 1.0.1/1.0.2/1.0.3: WebCalendar 1.0.1 to 1.0.3 generates different error messages depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames. | 5.0 |
2006-03-30 | CVE-2006-1537 | Information Disclosure vulnerability in Webcalendar 1.1.0: Craig Knudsen WebCalendar 1.1.0-CVS allows remote attackers to obtain sensitive information via a direct request to (1) includes/index.php, (2) tests/add_duration_test.php, (3) tests/all_tests.php, (4) groups.php, (5) nonusers.php, (6) includes/settings.php, (7) includes/init.php, (8) includes/settings.php.orig, (9) includes/js/admin.php, (10) includes/js/edit_entry.php, (11) includes/js/edit_layer.php, (12) includes/js/export_import.php, (13) includes/js/popups.php, (14) includes/js/pref.php, or (15) includes/menu/index.php, which reveal the path in various error messages. | 5.0 |
2005-12-04 | CVE-2005-3982 | Unspecified vulnerability in Webcalendar 1.0.1: CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 might allow remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via the ret parameter, which is used to redirect URL requests. | 5.0 |
2005-12-01 | CVE-2005-3961 | File Corruption vulnerability in Webcalendar 1.0.1: export_handler.php in WebCalendar 1.0.1 allows remote attackers to overwrite WebCalendar data files via a modified id parameter. | 5.0 |
2005-03-30 | CVE-2005-0474 | SQL-Injection vulnerability in Webcalendar 0.9.45: SQL injection vulnerability in the user_valid_crypt function in user.php in WebCalendar 0.9.45 allows remote attackers to execute arbitrary SQL commands via an encoded webcalendar_session cookie. | 6.4 |
2004-12-31 | CVE-2004-1509 | Remote vulnerability in WebCalendar: validate.php in WebCalendar allows remote attackers to gain sensitive information via an invalid encoded_login parameter, which reveals the full path in an error message. | 5.0 |
2004-12-31 | CVE-2004-1507 | Remote vulnerability in WebCalendar: CRLF injection vulnerability in login.php in WebCalendar allows remote attackers to inject CRLF sequences via the return_path parameter and perform HTTP Response Splitting attacks to modify expected HTML content from the server. | 5.0 |
2004-12-31 | CVE-2004-1506 | Remote vulnerability in WebCalendar: Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar allow remote attackers to inject arbitrary web script via (1) view_entry.php, (2) view_d.php, (3) usersel.php, (4) datesel.php, (5) trailer.php, or (6) styles.php, as demonstrated using img src tags. | 4.3 |