Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
webcalendar vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2005-2717
PHP remote file inclusion vulnerability in WebCalendar prior to 1.0.1 allows remote malicious users to execute arbitrary PHP code when opening settings.php, possibly via send_reminders.php or other scripts.
Webcalendar Webcalendar 1.0.0
668
VMScore
CVE-2005-3949
Multiple SQL injection vulnerabilities in WebCalendar 1.0.1 allow remote malicious users to execute arbitrary SQL commands via the (1) startid parameter to activity_log.php, (2) startid parameter to admin_handler.php, (3) template parameter to edit_template.php, and (4) multiple ...
Webcalendar Webcalendar 1.0.1
445
VMScore
CVE-2005-3961
export_handler.php in WebCalendar 1.0.1 allows remote malicious users to overwrite WebCalendar data files via a modified id parameter.
Webcalendar Webcalendar 1.0.1
445
VMScore
CVE-2013-1422
webcalendar prior to 1.2.7 shows the reason for a failed login (e.g., "no such user").
Webcalendar Project Webcalendar
570
VMScore
CVE-2005-0474
SQL injection vulnerability in the user_valid_crypt function in user.php in WebCalendar 0.9.45 allows remote malicious users to execute arbitrary SQL commands via an encoded webcalendar_session cookie.
Webcalendar Webcalendar 0.9.45
505
VMScore
CVE-2005-3982
CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 might allow remote malicious users to modify HTTP headers and conduct HTTP response splitting attacks via the ret parameter, which is used to redirect URL requests.
Webcalendar Webcalendar 1.0.1
1 EDB exploit
668
VMScore
CVE-2005-3984
SQL injection vulnerability in WebCalendar 1.0.1 allows remote malicious users to execute arbitrary SQL commands via the time_range parameter to edit_report_handler.php. NOTE: the startid/activity_log.php vector is already covered by CVE-2005-3949.
Webcalendar Webcalendar 1.0.1
570
VMScore
CVE-2006-2762
PHP remote file inclusion vulnerability in includes/config.php in WebCalendar 1.0.3 allows remote malicious users to execute arbitrary PHP code via a URL in the includedir parameter, which is remotely accessed in an fopen call whose results are used to define a user_inc setting t...
Webcalendar Webcalendar 1.0.3
NA
CVE-2023-0289
Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webcalendar prior to master.
Webcalendar Project Webcalendar -
445
VMScore
CVE-2006-1537
Craig Knudsen WebCalendar 1.1.0-CVS allows remote malicious users to obtain sensitive information via a direct request to (1) includes/index.php, (2) tests/add_duration_test.php, (3) tests/all_tests.php, (4) groups.php, (5) nonusers.php, (6) includes/settings.php, (7) includes/in...
Webcalendar Webcalendar 1.1.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37884
CVE-2024-6003
remote
brute force
information disclosure
CVE-2024-27801
CVE-2024-30078
CVE-2024-31870
CVE-2024-6042
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »