ical vulnerabilities and exploits
4.3
CVSSv2
CVE-2006-0924
Cross-site scripting (XSS) vulnerability in Brown Bear iCal 3.10 allows remote malicious users to inject arbitrary web script or HTML via the Calendar Text field when a new event is added. NOTE: the provenance of this information is unknown; the details are obtained solely from t...
Brown Bear Software Ical 3.10
7.5
CVSSv2
CVE-2006-0027
Unspecified vulnerability in Microsoft Exchange allows remote malicious users to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties.
Microsoft Exchange Server 2003
Microsoft Exchange Server 2000
5
CVSSv2
CVE-2021-28994
kopano-ical (formerly zarafa-ical) in Kopano Groupware Core up to and including 8.7.16, 9.x up to and including 9.1.0, 10.x up to and including 10.0.7, and 11.x up to and including 11.0.1 and Zarafa 6.30.x up to and including 7.2.x allows memory exhaustion via long HTTP headers.
Kopano Groupware Core
Zarafa Zarafa
4
CVSSv2
CVE-2021-33510
Plone up to and including 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file.
Plone Plone
7.5
CVSSv2
CVE-2019-19907
HrAddFBBlock in libfreebusy/freebusyutil.cpp in Kopano Groupware Core prior to 8.7.7 allows out-of-bounds access, as demonstrated by mishandling of an array copy during parsing of ICal data.
Kopano Groupware Core
NA
CVE-2023-24603
OX App Suite before backend 7.10.6-rev37 does not check size limits when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of data.
Open-xchange Ox App Suite 7.10.6
Open-xchange Ox App Suite
NA
CVE-2023-24604
OX App Suite before backend 7.10.6-rev37 does not check HTTP header lengths when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of header data.
Open-xchange Ox App Suite 7.10.6
Open-xchange Ox App Suite
9.3
CVSSv2
CVE-2007-0033
Microsoft Outlook 2002 and 2003 allows user-assisted remote malicious users to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.
Microsoft Office 2000
Microsoft Outlook 2000
Microsoft Office Xp
Microsoft Outlook 2002
Microsoft Office 2003
Microsoft Outlook 2003
NA
CVE-2008-2007
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-1035. Reason: This candidate is a reservation duplicate of CVE-2008-1035. Notes: All CVE users should reference CVE-2008-1035 instead of this candidate. All references and descriptions in this candidate have ...
5
CVSSv2
CVE-2022-0709
The Booking Package WordPress plugin prior to 1.5.29 requires a token for exporting the ical representation of its booking calendar, but this token is returned in the json response to unauthenticated users performing a booking, leading to a sensitive data disclosure vulnera...
Saasproject Booking Package