Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

webcalendar webcalendar 0.9.45 vulnerabilities and exploits

(subscribe to this query)
6.4
CVSSv2
CVE-2005-0474
SQL injection vulnerability in the user_valid_crypt function in user.php in WebCalendar 0.9.45 allows remote malicious users to execute arbitrary SQL commands via an encoded webcalendar_session cookie.
Webcalendar Webcalendar 0.9.45
7.5
CVSSv2
CVE-2007-1483
Multiple PHP remote file inclusion vulnerabilities in WebCalendar 0.9.45 allow remote malicious users to execute arbitrary PHP code via a URL in the includedir parameter to (1) login.php, (2) get_reminders.php, or (3) get_events.php.
K5n Webcalendar 0.9.45
7.5
CVSSv2
CVE-2005-2320
WebCalendar prior to 1.0.0 does not properly restrict access to assistant_edit.php, which allows remote malicious users to gain privileges.
Webcalendar Webcalendar 0.9.26Webcalendar Webcalendar 0.9.27Webcalendar Webcalendar 0.9.28Webcalendar Webcalendar 0.9.29Webcalendar Webcalendar 0.9.42Webcalendar Webcalendar 0.9.43Webcalendar Webcalendar 0.9.44Webcalendar Webcalendar 0.9.45Webcalendar Webcalendar 0.9.50Webcalendar Webcalendar 0.9.15Webcalendar Webcalendar 0.9.16Webcalendar Webcalendar 0.9.19Webcalendar Webcalendar 0.9.20Webcalendar Webcalendar 0.9.34Webcalendar Webcalendar 0.9.35Webcalendar Webcalendar 0.9.36Webcalendar Webcalendar 0.9.37Webcalendar Webcalendar 0.9.22Webcalendar Webcalendar 0.9.24Webcalendar Webcalendar 0.9.31Webcalendar Webcalendar 0.9.33Webcalendar Webcalendar 0.9.38
7.5
CVSSv2
CVE-2007-1343
includes/functions.php in Craig Knudsen WebCalendar prior to 1.0.5 does not protect the noSet variable from external modification, which allows remote malicious users to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant...
Webcalendar Webcalendar 1.0.2Webcalendar Webcalendar 1.0.3Webcalendar Webcalendar 1.0.0Webcalendar Webcalendar 1.0.1Webcalendar Webcalendar 1.0.4
5
CVSSv2
CVE-2006-2247
WebCalendar 1.0.1 to 1.0.3 generates different error messages depending on whether or not a username is valid, which allows remote malicious users to enumerate valid usernames.
Webcalendar Webcalendar 1.0.1Webcalendar Webcalendar 1.0.2Webcalendar Webcalendar 1.0.3
6.8
CVSSv2
CVE-2006-6669
Cross-site scripting (XSS) vulnerability in export_handler.php in WebCalendar 1.0.4 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the format parameter.
Webcalendar Webcalendar 1.0.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereferenceCVE-2023-52689CVE-2024-23803client sideCVE-2023-52696information disclosureCVE-2024-35843CVE-2024-27130CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook