Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Calendar Security Vulnerabilities

cve
cve

CVE-2017-15891

Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified...

6.5CVSS

7AI Score

0.001EPSS

2017-12-08 04:29 PM
25
cve
cve

CVE-2017-10322

Vulnerability in the Oracle Common Applications Calendar component of Oracle E-Business Suite (subcomponent: Applications Calendar). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated...

5.3CVSS

6.2AI Score

0.002EPSS

2017-10-19 05:29 PM
22
cve
cve

CVE-2017-10326

Vulnerability in the Oracle Common Applications Calendar component of Oracle E-Business Suite (subcomponent: Applications Calendar). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated...

8.2CVSS

7.8AI Score

0.001EPSS

2017-10-19 05:29 PM
28
cve
cve

CVE-2017-10325

Vulnerability in the Oracle Common Applications Calendar component of Oracle E-Business Suite (subcomponent: Applications Calendar). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated...

8.2CVSS

7.8AI Score

0.001EPSS

2017-10-19 05:29 PM
21
cve
cve

CVE-2017-2224

Cross-site scripting vulnerability in Event Calendar WD prior to version 1.0.94 allows remote attackers to inject arbitrary web script or HTML via unspecified...

6.1CVSS

6AI Score

0.002EPSS

2017-07-07 01:29 PM
30
2
cve
cve

CVE-2017-2150

Directory traversal vulnerability in Booking Calendar version 7.0 and earlier allows remote attackers to read arbitrary files via specially crafted captcha_chalange...

5.3CVSS

5.4AI Score

0.002EPSS

2017-04-28 04:59 PM
24
cve
cve

CVE-2017-2151

Cross-site scripting vulnerability in Booking Calendar version 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified...

6.1CVSS

6AI Score

0.001EPSS

2017-04-28 04:59 PM
22
cve
cve

CVE-2017-6485

A Cross-Site Scripting (XSS) issue was discovered in php-calendar before 2017-03-03. The vulnerability exists due to insufficient filtration of user-supplied data (errorMsg) passed to the "php-calendar-master/error.php" URL. An attacker could execute arbitrary HTML and script code in a browser in.....

6.1CVSS

6.4AI Score

0.001EPSS

2017-03-05 08:59 PM
25
cve
cve

CVE-2014-4571

Multiple cross-site scripting (XSS) vulnerabilities in vncal.js.php in the VN-Calendar plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) fs or (2) w...

6AI Score

0.002EPSS

2014-07-02 08:55 PM
19
cve
cve

CVE-2013-2698

Cross-site request forgery (CSRF) vulnerability in the Calendar plugin before 1.3.3 for WordPress allows remote attackers to hijack the authentication of users for requests that add a calendar entry via unspecified...

7.3AI Score

0.002EPSS

2014-05-27 02:55 PM
16
cve
cve

CVE-2010-2041

Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP-Calendar before 2.0 Beta7 allow remote attackers to inject arbitrary web script or HTML via the (1) description and (2) lastaction...

5.9AI Score

0.003EPSS

2010-05-25 02:30 PM
21
cve
cve

CVE-2009-3702

Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 allow remote attackers to include and execute arbitrary local files via a full pathname in the configfile parameter to (1) update08.php or (2) update10.php. NOTE: in some environments, this can be leveraged for remote file...

7.3AI Score

0.007EPSS

2009-12-22 07:30 PM
22
cve
cve

CVE-2009-3157

Cross-site scripting (XSS) vulnerability in the Calendar module 6.x before 6.x-2.2 for Drupal allows remote authenticated users, with "create new content types" privileges, to inject arbitrary web script or HTML via the title of a content...

5.9AI Score

0.001EPSS

2009-09-10 06:30 PM
18
cve
cve

CVE-2006-2291

Cross-site scripting (XSS) vulnerability in calendar_new.asp in IA-Calendar allows remote attackers to inject arbitrary web script or HTML via the TypeName1 parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party...

6.1AI Score

0.005EPSS

2006-05-10 02:14 AM
25
cve
cve

CVE-2006-2292

Multiple SQL injection vulnerabilities in IA-Calendar allow remote attackers to execute arbitrary SQL commands via the (1) type parameter in (a) calendar_new.asp and (b) default.asp, and (2) ID parameter in (c) calendar_detail.asp. NOTE: the provenance of this information is unknown; the details...

9.2AI Score

0.005EPSS

2006-05-10 02:14 AM
19
cve
cve

CVE-2005-1397

SQL injection vulnerability in search.php for PHP-Calendar before 0.10.3 allows remote attackers to execute arbitrary SQL commands via unknown...

8.7AI Score

0.008EPSS

2005-05-03 04:00 AM
25
cve
cve

CVE-2004-1423

Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpc_root_path parameter to (1)...

7.8AI Score

0.184EPSS

2004-12-31 05:00 AM
40
Total number of security vulnerabilities217