Lucene search
+L

8561 matches found

nvd
nvd
added 2004/10/20 4:0 a.m.20 views

CVE-2004-0793

The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop root privileges when executed with the -a flag, which allows attackers to execute arbitrary commands via a calendar event file...

7.2CVSS7.4AI score0.00559EPSS
Exploits1References3
osv
osv
added 2004/10/20 4:0 a.m.5 views

DEBIAN-CVE-2004-0793

The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop root privileges when executed with the -a flag, which allows attackers to execute arbitrary commands via a calendar event file...

7.2CVSS7.7AI score0.00559EPSS
Exploits1References1
osv
osv
added 2004/10/20 4:0 a.m.6 views

CVE-2004-0793

The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop root privileges when executed with the -a flag, which allows attackers to execute arbitrary commands via a calendar event file...

7.6AI score
Exploits0References5
cert
cert
added 2004/10/19 12:0 a.m.40 views

PhpWebSite calendar module contains a SQL injection vulnerability

Overview The PhpWebSite contains an SQL injection vulnerability that may allow malicious users to execute SQL queries on a server with the privileges of the PhpWebSite administrator. Description PhpWebSite is an open-source web content management system that includes a web-based calendar module t...

7.5CVSS7.2AI score0.01673EPSS
Exploits0References7
nvd
nvd
added 2004/10/13 4:0 a.m.18 views

CVE-2004-1597

RIM Blackberry 7230 running RIM Blackberry OS 3.7 SP1 allows remote attackers to cause a denial of service device reboot and possibly data corruption via a calendar message with a long Location field, which triggers a watchdog while the message is being stored...

5CVSS6.7AI score0.01997EPSS
Exploits1References8
nessus
nessus
added 2004/09/29 12:0 a.m.23 views

Debian DSA-419-1 : phpgroupware - missing filename sanitising, SQL injection

The authors of phpgroupware, a web-based groupware system written in PHP, discovered several vulnerabilities. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2004-0016 In the 'calendar' module, 'save extension' was not enforced for holiday files. As a...

7.5CVSS5.8AI score0.0159EPSS
Exploits0References3
packetstorm
packetstorm
added 2004/09/29 12:0 a.m.21 views

aspWebCalendar.txt

1Introduction "aspWebCalendar is an .asp Active Server Pages script that allows you to easily create an online events calendar that supports multiple users. Easy installation and usage are the key features of aspWebCalendar. The script contains a text file with a few configuration variables that...

7.4AI score
Exploits0
cve
cve
added 2004/09/14 4:0 a.m.53 views

CVE-2004-0793

The CVE-2004-0793 issue affects the calendar program in bsdmainutils 6.0–6.0.14, which does not drop root privileges when run with -a, allowing an attacker to execute arbitrary commands via a crafted calendar event file. The underlying cause is privilege retention when processing event files, ena...

7.2CVSS7.4AI score0.00559EPSS
Exploits1References3Affected Software1
debiancve
debiancve
added 2004/09/14 4:0 a.m.50 views

CVE-2004-0793

The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop root privileges when executed with the -a flag, which allows attackers to execute arbitrary commands via a calendar event file...

7.2CVSS7.1AI score0.00559EPSS
Exploits1
nvd
nvd
added 2004/09/01 4:0 a.m.15 views

CVE-2004-1654

SQL injection vulnerability in the calendar module in phpWebsite 0.9.3-4 and earlier allows remote attackers to execute arbitrary SQL commands via caltemplate...

7.5CVSS8.4AI score0.01333EPSS
Exploits0References6
cve
cve
added 2004/09/01 4:0 a.m.57 views

CVE-2004-0016

Summary (CVE-2004-0016) : The phpGroupWare calendar module (version 0.9.14) fails to enforce the save extension for holiday files, allowing server-side PHP files to be created and executed. This is a remote vulnerability with a CVSS v2 base score of 7.5 (High). Related advisories patch the issue ...

7.5CVSS6.7AI score0.0159EPSS
Exploits0References4Affected Software1
securityvulns
securityvulns
added 2004/09/01 12:0 a.m.57 views

Possible root compromose with bsdmainutils 6.0.x < 6.0.15 (Debian testing/unstable)

Possible root compromise with calendar bsdmainutils 6.0.x 6.0.15 -------------------------------------------------------------------- Introduction ------------ The calendar utility is a handy little tool that informs you about upcoming events. Each user can define his/her own calendar events. In...

7.2CVSS0.00559EPSS
Exploits1
securityvulns
securityvulns
added 2004/09/01 12:0 a.m.25 views

Debian calendar privilege escalation

Privileges are not dropped on executing program specified by user...

4.2AI score
Exploits0References1Affected Software1
exploitdb
exploitdb
added 2004/08/31 12:0 a.m.21 views

Debian bsdmainutils 6.0.14 - Calendar Information Disclosure

// source: https://www.securityfocus.com/bid/11077/info The calendar utility contained in the bsdmainutils package on Debian GNU/Linux systems is reported susceptible to an information disclosure vulnerability. This is due to a lack of proper file authorization checks by the application. The...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2004/08/25 12:0 a.m.39 views

Multiple Cross Site Scripting Vulnerabilities in eGroupWare

--------------------------------------------------------------------------- Multiple Cross Site Scripting Vulnerabilities in eGroupWare --------------------------------------------------------------------------- Author: Joxean Koret Date: 2004 Location: Basque Country...

0.1AI score
Exploits0
exploitpack
exploitpack
added 2004/08/23 12:0 a.m.10 views

eGroupWare 1.0 Calendar Module - date Cross-Site Scripting

eGroupWare 1.0 Calendar Module - date Cross-Site Scripting source: https://www.securityfocus.com/bid/11013/info It is reported that eGroupWare is susceptible to multiple cross-site scripting and HTML injection vulnerabilities. The cross-site scripting issues present themselves in the various...

6.8AI score
Exploits0
nessus
nessus
added 2004/08/18 12:0 a.m.14 views

Sun Java Calendar Version Detection

Binary data 4552.prm...

7.3AI score
Exploits0
nessus
nessus
added 2004/08/18 12:0 a.m.15 views

Sun Java Calendar Logging Component Unspecified Remote DoS

Binary data 4553.prm...

7.1CVSS7.3AI score0.0245EPSS
Exploits0References2
nessus
nessus
added 2004/08/17 12:0 a.m.19 views

phpGroupWare Multiple Module SQL Injection

The remote host seems to be running PhpGroupWare, a multi-user groupware suite written in PHP. It has been reported that this version may be prone to multiple SQL injection vulnerabilities in the 'calendar' and 'infolog' modules. The problems exist due to insufficient sanitization of user-supplie...

7.5CVSS5.6AI score0.01243EPSS
Exploits0References2
nvd
nvd
added 2004/07/27 4:0 a.m.23 views

CVE-2004-0742

Sun Java System Portal Server 6.2 formerly Sun ONE allows remote authenticated users to obtain Calendar Server privileges and modify Calendar data by changing the display options to a non-default view...

10CVSS6.2AI score0.04521EPSS
Exploits0References5
Rows per page
Query Builder