8561 matches found
CVE-2004-0793
The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop root privileges when executed with the -a flag, which allows attackers to execute arbitrary commands via a calendar event file...
DEBIAN-CVE-2004-0793
The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop root privileges when executed with the -a flag, which allows attackers to execute arbitrary commands via a calendar event file...
CVE-2004-0793
The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop root privileges when executed with the -a flag, which allows attackers to execute arbitrary commands via a calendar event file...
PhpWebSite calendar module contains a SQL injection vulnerability
Overview The PhpWebSite contains an SQL injection vulnerability that may allow malicious users to execute SQL queries on a server with the privileges of the PhpWebSite administrator. Description PhpWebSite is an open-source web content management system that includes a web-based calendar module t...
CVE-2004-1597
RIM Blackberry 7230 running RIM Blackberry OS 3.7 SP1 allows remote attackers to cause a denial of service device reboot and possibly data corruption via a calendar message with a long Location field, which triggers a watchdog while the message is being stored...
Debian DSA-419-1 : phpgroupware - missing filename sanitising, SQL injection
The authors of phpgroupware, a web-based groupware system written in PHP, discovered several vulnerabilities. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2004-0016 In the 'calendar' module, 'save extension' was not enforced for holiday files. As a...
aspWebCalendar.txt
1Introduction "aspWebCalendar is an .asp Active Server Pages script that allows you to easily create an online events calendar that supports multiple users. Easy installation and usage are the key features of aspWebCalendar. The script contains a text file with a few configuration variables that...
CVE-2004-0793
The CVE-2004-0793 issue affects the calendar program in bsdmainutils 6.0–6.0.14, which does not drop root privileges when run with -a, allowing an attacker to execute arbitrary commands via a crafted calendar event file. The underlying cause is privilege retention when processing event files, ena...
CVE-2004-0793
The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop root privileges when executed with the -a flag, which allows attackers to execute arbitrary commands via a calendar event file...
CVE-2004-1654
SQL injection vulnerability in the calendar module in phpWebsite 0.9.3-4 and earlier allows remote attackers to execute arbitrary SQL commands via caltemplate...
CVE-2004-0016
Summary (CVE-2004-0016) : The phpGroupWare calendar module (version 0.9.14) fails to enforce the save extension for holiday files, allowing server-side PHP files to be created and executed. This is a remote vulnerability with a CVSS v2 base score of 7.5 (High). Related advisories patch the issue ...
Possible root compromose with bsdmainutils 6.0.x < 6.0.15 (Debian testing/unstable)
Possible root compromise with calendar bsdmainutils 6.0.x 6.0.15 -------------------------------------------------------------------- Introduction ------------ The calendar utility is a handy little tool that informs you about upcoming events. Each user can define his/her own calendar events. In...
Debian calendar privilege escalation
Privileges are not dropped on executing program specified by user...
Debian bsdmainutils 6.0.14 - Calendar Information Disclosure
// source: https://www.securityfocus.com/bid/11077/info The calendar utility contained in the bsdmainutils package on Debian GNU/Linux systems is reported susceptible to an information disclosure vulnerability. This is due to a lack of proper file authorization checks by the application. The...
Multiple Cross Site Scripting Vulnerabilities in eGroupWare
--------------------------------------------------------------------------- Multiple Cross Site Scripting Vulnerabilities in eGroupWare --------------------------------------------------------------------------- Author: Joxean Koret Date: 2004 Location: Basque Country...
eGroupWare 1.0 Calendar Module - date Cross-Site Scripting
eGroupWare 1.0 Calendar Module - date Cross-Site Scripting source: https://www.securityfocus.com/bid/11013/info It is reported that eGroupWare is susceptible to multiple cross-site scripting and HTML injection vulnerabilities. The cross-site scripting issues present themselves in the various...
Sun Java Calendar Version Detection
Binary data 4552.prm...
Sun Java Calendar Logging Component Unspecified Remote DoS
Binary data 4553.prm...
phpGroupWare Multiple Module SQL Injection
The remote host seems to be running PhpGroupWare, a multi-user groupware suite written in PHP. It has been reported that this version may be prone to multiple SQL injection vulnerabilities in the 'calendar' and 'infolog' modules. The problems exist due to insufficient sanitization of user-supplie...
CVE-2004-0742
Sun Java System Portal Server 6.2 formerly Sun ONE allows remote authenticated users to obtain Calendar Server privileges and modify Calendar data by changing the display options to a non-default view...