Vulnerabilities > Webcalendar > Webcalendar > 1.0.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-03-08 | CVE-2007-1343 | Unspecified vulnerability in Webcalendar includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that probably include remote file inclusion and other issues. | 7.5 |
2006-05-09 | CVE-2006-2247 | Unspecified vulnerability in Webcalendar 1.0.1/1.0.2/1.0.3 WebCalendar 1.0.1 to 1.0.3 generates different error messages depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames. | 5.0 |
2005-12-04 | CVE-2005-3984 | SQL Injection vulnerability in Webcalendar 1.0.1 SQL injection vulnerability in WebCalendar 1.0.1 allows remote attackers to execute arbitrary SQL commands via the time_range parameter to edit_report_handler.php. | 7.5 |
2005-12-04 | CVE-2005-3982 | Unspecified vulnerability in Webcalendar 1.0.1 CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 might allow remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via the ret parameter, which is used to redirect URL requests. | 5.0 |
2005-12-01 | CVE-2005-3961 | File Corruption vulnerability in Webcalendar 1.0.1 export_handler.php in WebCalendar 1.0.1 allows remote attackers to overwrite WebCalendar data files via a modified id parameter. | 5.0 |
2005-12-01 | CVE-2005-3949 | SQL Injection vulnerability in Webcalendar 1.0.1 Multiple SQL injection vulnerabilities in WebCalendar 1.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) startid parameter to activity_log.php, (2) startid parameter to admin_handler.php, (3) template parameter to edit_template.php, and (4) multiple parameters to export_handler.php. | 7.5 |