17 matches found
Drupal Date iCal 安全漏洞
Drupal Date iCal is a Drupal calendar export module developed by the Drupal company. Versions of Drupal Date iCal prior to 4.0.15 contained security vulnerabilities, which were due to lack of authorization and could lead to forced browsing...
EUVD-2009-0505
Malware in sbrugna...
EUVD-2025-17050
Malicious code in bioql PyPI...
CVE-2025-5733
The Modern Events Calendar Lite plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 7.21.9. This is due improper or insufficient validation of the id property when exporting calendars. This makes it possible for unauthenticated attackers to retrieve th...
WordPress plugin Modern Events Calendar Lite 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...
PT-2024-13389 · Unknown · Rm Bookingcalendar Module +1
Name of the Vulnerable Software and Affected Versions: PrestaShop versions 2.7.9 and before Description: The issue allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the ics export.php file. This is a result of a SQL Injection vulnerabilit...
SUSE CVE-2009-0501
Unspecified vulnerability in the Calendar export feature in Moodle 1.8 before 1.8.8 and 1.9 before 1.9.4 allows attackers to obtain sensitive information and conduct "brute force attacks on user accounts" via unknown vectors...
CVE-2022-0709
The Booking Package WordPress plugin before 1.5.29 requires a token for exporting the ical representation of it's booking calendar, but this token is returned in the json response to unauthenticated users performing a booking, leading to a sensitive data disclosure vulnerability...
CVE-2020-22807
An issue was dicovered in vtiger crm 7.2. Union sql injection in the calendar exportdata feature...
Sql injection
An issue was dicovered in vtiger crm 7.2. Union sql injection in the calendar exportdata feature...
CVE-2020-9269
SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demonstrated by exportical.php...
Calendar export: Authorization Bypass Through User-Controlled Key - ownCloud
Due to not properly checking the ownership of an calendar, an authenticated attacker is able to download calendars of other users via the "calid" GET parameter to export.php in /apps/calendar/ Affected Software ownCloud Server 8.1.1 CVE-2015-6670 ownCloud Server 8.0.6 CVE-2015-6670 ownCloud Serve...
Server: Calendar export: Authorization Bypass Through User-Controlled Key
Due to not properly checking the ownership of an calendar, an authenticated attacker is able to download calendars of other users via the "calid" GET parameter to export.php in /apps/calendar/ For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
USN-791-1: Moodle vulnerabilities
Thor Larholm discovered that PHPMailer, as used by Moodle, did not correctly escape email addresses. A local attacker with direct access to the Moodle database could exploit this to execute arbitrary commands as the web server user. CVE-2007-3215 Nigel McNie discovered that fetching https URLs di...
CVE-2009-0501
Unspecified vulnerability in the Calendar export feature in Moodle 1.8 before 1.8.8 and 1.9 before 1.9.4 allows attackers to obtain sensitive information and conduct "brute force attacks on user accounts" via unknown vectors...
Information disclosure
Unspecified vulnerability in the Calendar export feature in Moodle 1.8 before 1.8.8 and 1.9 before 1.9.4 allows attackers to obtain sensitive information and conduct "brute force attacks on user accounts" via unknown vectors...
CVE-2009-0501
Unspecified vulnerability in the Calendar export feature in Moodle 1.8 before 1.8.8 and 1.9 before 1.9.4 allows attackers to obtain sensitive information and conduct "brute force attacks on user accounts" via unknown vectors...