Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
webcalendar webcalendar 0.9.45 vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2005-0474
SQL injection vulnerability in the user_valid_crypt function in user.php in WebCalendar 0.9.45 allows remote malicious users to execute arbitrary SQL commands via an encoded webcalendar_session cookie.
Webcalendar Webcalendar 0.9.45
7.5
CVSSv2
CVE-2007-1483
Multiple PHP remote file inclusion vulnerabilities in WebCalendar 0.9.45 allow remote malicious users to execute arbitrary PHP code via a URL in the includedir parameter to (1) login.php, (2) get_reminders.php, or (3) get_events.php.
K5n Webcalendar 0.9.45
1 EDB exploit
7.5
CVSSv2
CVE-2005-2320
WebCalendar prior to 1.0.0 does not properly restrict access to assistant_edit.php, which allows remote malicious users to gain privileges.
Webcalendar Webcalendar 0.9.26
Webcalendar Webcalendar 0.9.27
Webcalendar Webcalendar 0.9.28
Webcalendar Webcalendar 0.9.29
Webcalendar Webcalendar 0.9.42
Webcalendar Webcalendar 0.9.43
Webcalendar Webcalendar 0.9.44
Webcalendar Webcalendar 0.9.45
Webcalendar Webcalendar 0.9.50
Webcalendar Webcalendar 0.9.15
Webcalendar Webcalendar 0.9.16
Webcalendar Webcalendar 0.9.19
Webcalendar Webcalendar 0.9.20
Webcalendar Webcalendar 0.9.34
Webcalendar Webcalendar 0.9.35
Webcalendar Webcalendar 0.9.36
Webcalendar Webcalendar 0.9.37
Webcalendar Webcalendar 0.9.22
Webcalendar Webcalendar 0.9.24
Webcalendar Webcalendar 0.9.31
Webcalendar Webcalendar 0.9.33
Webcalendar Webcalendar 0.9.38
7.5
CVSSv2
CVE-2007-1343
includes/functions.php in Craig Knudsen WebCalendar prior to 1.0.5 does not protect the noSet variable from external modification, which allows remote malicious users to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant...
Webcalendar Webcalendar 1.0.2
Webcalendar Webcalendar 1.0.3
Webcalendar Webcalendar 1.0.0
Webcalendar Webcalendar 1.0.1
Webcalendar Webcalendar 1.0.4
5
CVSSv2
CVE-2006-2247
WebCalendar 1.0.1 to 1.0.3 generates different error messages depending on whether or not a username is valid, which allows remote malicious users to enumerate valid usernames.
Webcalendar Webcalendar 1.0.1
Webcalendar Webcalendar 1.0.2
Webcalendar Webcalendar 1.0.3
6.8
CVSSv2
CVE-2006-6669
Cross-site scripting (XSS) vulnerability in export_handler.php in WebCalendar 1.0.4 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the format parameter.
Webcalendar Webcalendar 1.0.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started