Vulnerabilities > Webcalendar > Webcalendar > 0.9.35
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-07-19 | CVE-2005-2320 | Unspecified vulnerability in Webcalendar WebCalendar before 1.0.0 does not properly restrict access to assistant_edit.php, which allows remote attackers to gain privileges. | 7.5 |
2004-12-31 | CVE-2004-1510 | Remote vulnerability in WebCalendar WebCalendar allows remote attackers to gain privileges by modifying critical parameters to (1) view_entry.php or (2) upcoming.php. | 7.5 |
2004-12-31 | CVE-2004-1509 | Remote vulnerability in WebCalendar validate.php in WebCalendar allows remote attackers to gain sensitive information via an invalid encoded_login parameter, which reveals the full path in an error message. | 5.0 |
2004-12-31 | CVE-2004-1508 | Remote vulnerability in WebCalendar init.php in WebCalendar allows remote attackers to execute arbitrary local PHP scripts via the user_inc parameter. | 7.5 |
2004-12-31 | CVE-2004-1507 | Remote vulnerability in WebCalendar CRLF injection vulnerability in login.php in WebCalendar allows remote attackers to inject CRLF sequences via the return_path parameter and perform HTTP Response Splitting attacks to modify expected HTML content from the server. | 5.0 |
2004-12-31 | CVE-2004-1506 | Remote vulnerability in WebCalendar Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar allow remote attackers to inject arbitrary web script via (1) view_entry.php, (2) view_d.php, (3) usersel.php, (4) datesel.php, (5) trailer.php, or (6) styles.php, as demonstrated using img srg tags. network webcalendar | 4.3 |