Vulnerabilities > Webcalendar > Webcalendar
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-08-29 | CVE-2005-2717 | Remote File Include vulnerability in Webcalendar 1.0.0 PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 allows remote attackers to execute arbitrary PHP code when opening settings.php, possibly via send_reminders.php or other scripts. | 7.5 |
2005-07-19 | CVE-2005-2320 | Unspecified vulnerability in Webcalendar WebCalendar before 1.0.0 does not properly restrict access to assistant_edit.php, which allows remote attackers to gain privileges. | 7.5 |
2005-03-30 | CVE-2005-0474 | SQL-Injection vulnerability in Webcalendar 0.9.45 SQL injection vulnerability in the user_valid_crypt function in user.php in WebCalendar 0.9.45 allows remote attackers to execute arbitrary SQL commands via an encoded webcalendar_session cookie. | 6.4 |
2004-12-31 | CVE-2004-1510 | Remote vulnerability in WebCalendar WebCalendar allows remote attackers to gain privileges by modifying critical parameters to (1) view_entry.php or (2) upcoming.php. | 7.5 |
2004-12-31 | CVE-2004-1509 | Remote vulnerability in WebCalendar validate.php in WebCalendar allows remote attackers to gain sensitive information via an invalid encoded_login parameter, which reveals the full path in an error message. | 5.0 |
2004-12-31 | CVE-2004-1508 | Remote vulnerability in WebCalendar init.php in WebCalendar allows remote attackers to execute arbitrary local PHP scripts via the user_inc parameter. | 7.5 |
2004-12-31 | CVE-2004-1507 | Remote vulnerability in WebCalendar CRLF injection vulnerability in login.php in WebCalendar allows remote attackers to inject CRLF sequences via the return_path parameter and perform HTTP Response Splitting attacks to modify expected HTML content from the server. | 5.0 |
2004-12-31 | CVE-2004-1506 | Remote vulnerability in WebCalendar Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar allow remote attackers to inject arbitrary web script via (1) view_entry.php, (2) view_d.php, (3) usersel.php, (4) datesel.php, (5) trailer.php, or (6) styles.php, as demonstrated using img srg tags. network webcalendar | 4.3 |
2002-12-31 | CVE-2002-2065 | Information Disclosure vulnerability in WebCalendar Include Files WebCalendar 0.9.34 and earlier with 'browsing in includes directory' enabled allows remote attackers to read arbitrary include files with .inc extensions from the web root. | 5.0 |
2001-06-27 | CVE-2001-0477 | Remote Command Execution vulnerability in WebCalendar Vulnerability in WebCalendar 0.9.26 allows remote command execution. | 7.5 |