Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ical vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2023-1021
The amr ical events lists WordPress plugin up to and including 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ex...
Amr-ical-events-list Project Amr-ical-events-list
NA
CVE-2004-1021
iCal prior to 1.5.4 on Mac OS X 10.2.3, and other later versions, does not alert the user when handling calendars that use alarms, which allows malicious users to execute programs and send e-mail via alarms.
Apple Ical 1.5.3
NA
CVE-2008-1035
Use-after-free vulnerability in Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to trigger memory corruption or possibly execute arbitrary code via an "ATTACH;VALUE=URI:S=osumi" line in a .ics file, which triggers a "r...
Apple Ical 3.0.1
1 EDB exploit
NA
CVE-2008-2006
Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a .ics file containing (1) a large 16-bit integer on a TRIGGER line,...
Apple Ical 3.0.1
2 EDB exploits
8.8
CVSSv3
CVE-2023-41853
Cross-Site Request Forgery (CSRF) vulnerability in WP iCal Availability plugin <= 1.0.3 versions.
Wpicalavailability Wp Ical Availability
NA
CVE-2000-1071
The GUI installation for iCal 2.1 Patch 2 disables access control for the X server using an "xhost +" command, which allows remote malicious users to monitor X Windows events and gain privileges.
Netscape Iplanet Ical 2.1
NA
CVE-2000-1072
iCal 2.1 Patch 2 installs many files with world-writeable permissions, which allows local users to modify the iCal configuration and execute arbitrary commands by replacing the iplncal.sh program with a Trojan horse.
Netscape Iplanet Ical 2.1
1 EDB exploit
NA
CVE-2000-1073
csstart program in iCal 2.1 Patch 2 searches for the cshttpd program in the current working directory, which allows local users to gain root privileges by creating a Trojan Horse cshttpd program in a directory and calling csstart from that directory.
Netscape Iplanet Ical 2.1
NA
CVE-2000-1074
csstart program in iCal 2.1 Patch 2 uses relative pathnames to install the libsocket and libnsl libraries, which could allow the icsuser account to gain root privileges by creating a Trojan Horse library in the current or parent directory.
Netscape Iplanet Ical 2.1
1 EDB exploit
NA
CVE-2006-0924
Cross-site scripting (XSS) vulnerability in Brown Bear iCal 3.10 allows remote malicious users to inject arbitrary web script or HTML via the Calendar Text field when a new event is added. NOTE: the provenance of this information is unknown; the details are obtained solely from t...
Brown Bear Software Ical 3.10
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »