Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
webcalendar vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2006-2762
PHP remote file inclusion vulnerability in includes/config.php in WebCalendar 1.0.3 allows remote malicious users to execute arbitrary PHP code via a URL in the includedir parameter, which is remotely accessed in an fopen call whose results are used to define a user_inc setting t...
Webcalendar Webcalendar 1.0.3
7.5
CVSSv2
CVE-2012-1495
install/index.php in WebCalendar prior to 1.2.5 allows remote malicious users to execute arbitrary code via the form_single_user_login parameter.
Webcalendar Project Webcalendar
2 EDB exploits
1 Github repository
6.5
CVSSv2
CVE-2012-1496
Local file inclusion in WebCalendar prior to 1.2.5.
Webcalendar Project Webcalendar
1 EDB exploit
2.1
CVSSv2
CVE-2007-6696
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote malicious users to inject arbitrary web script or HTML via (1) an event description, (2) the query string to pref.php, and (3) the adv parameter to search.php. NOTE: vector 1 requires user authe...
Webcalendar Webcalendar 1.1.6
2 EDB exploits
4.3
CVSSv2
CVE-2012-5384
Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar allow remote malicious users to inject arbitrary web script or HTML via the (1) $name or (2) $description variables in edit_entry_handler.php, or (3) $url, (4) $tempfullname, or (5) $ext_users[] vari...
Webcalendar Project Webcalendar -
7.5
CVSSv2
CVE-2005-2717
PHP remote file inclusion vulnerability in WebCalendar prior to 1.0.1 allows remote malicious users to execute arbitrary PHP code when opening settings.php, possibly via send_reminders.php or other scripts.
Webcalendar Webcalendar 1.0.0
6.8
CVSSv2
CVE-2006-6669
Cross-site scripting (XSS) vulnerability in export_handler.php in WebCalendar 1.0.4 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the format parameter.
Webcalendar Webcalendar 1.0.4
6.4
CVSSv2
CVE-2005-0474
SQL injection vulnerability in the user_valid_crypt function in user.php in WebCalendar 0.9.45 allows remote malicious users to execute arbitrary SQL commands via an encoded webcalendar_session cookie.
Webcalendar Webcalendar 0.9.45
5
CVSSv2
CVE-2006-1537
Craig Knudsen WebCalendar 1.1.0-CVS allows remote malicious users to obtain sensitive information via a direct request to (1) includes/index.php, (2) tests/add_duration_test.php, (3) tests/all_tests.php, (4) groups.php, (5) nonusers.php, (6) includes/settings.php, (7) includes/in...
Webcalendar Webcalendar 1.1.0
5
CVSSv2
CVE-2005-3982
CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 might allow remote malicious users to modify HTTP headers and conduct HTTP response splitting attacks via the ret parameter, which is used to redirect URL requests.
Webcalendar Webcalendar 1.0.1
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »