16 matches found
EUVD-2005-1150
Malware in sbrugna...
EUVD-2005-1151
Malware in sbrugna...
CalendarScript 3.2.1 Password Disclosure
Password Disclosure on CalendarScript 3.21 + Date: 28/04/2014 + Risk: High + Author: Felipe Andrian Peixoto + Vendor Homepage: http://www.calendarscript.com/ + Contact: [email protected] + Tested on: Windows 7 and Linux + Vulnerable File: users.txt + Version: 3.21 + Exploit :...
CVE-2005-1148
calendar.pl in CalendarScript 3.21 allows remote attackers to obtain sensitive information via invalid 1 year or 2 month parameters, which leaks the full pathname and debug information...
CVE-2005-1146
CalendarScript 3.21 is affected by a Cross‑Site Scripting (XSS) flaw in the login command (calendar.pl) via the username parameter. The issue is documented as CVE-2005-1146 and is noted by some sources as disputed by the vendor. Connected sources also reference CalendarScript 3.21 alongside previ...
CVE-2005-1148
calendar.pl in CalendarScript 3.21 allows remote attackers to obtain sensitive information via invalid 1 year or 2 month parameters, which leaks the full pathname and debug information...
CVE-2005-1147
calendar.pl in CalendarScript 3.20 allows remote attackers to obtain sensitive information via invalid 1 calendar or 2 template parameters, which leaks the full pathname and debug information...
CVE-2005-1145
CalendarScript 3.20 (CVE-2005-1145): XSS in calendar.pl via the template parameter; CalendarScript 3.21 (CVE-2005-1146): XSS in the login command via the username parameter. Both entries are disputed by the vendor. Exploitation context: remote injection of script/HTML. Remediation guidance from P...
CVE-2005-1147
CVE-2005-1147 affects CalendarScript 3.20’s calendar.pl, where remote attackers can trigger information disclosure through invalid (1) calendar or (2) template parameters. The issue leaks the full pathname and debug information, revealing sensitive data and indicating a flaw in input validation f...
CVE-2005-1146
NOTE: this issue has been disputed by the vendor. Cross-site scripting XSS vulnerability in the login command in calendar.pl in CalendarScript 3.21 allows remote attackers to inject arbitrary web script or HTML via the username parameter, a different vulnerability than CVE-2005-1145...
CVE-2005-1148
CalendarScript 3.21's calendar.pl is vulnerable to information disclosure: remote attackers can trigger invalid year or month parameters to leak the full path and debug info. Affected: calendar.pl in CalendarScript 3.21. Root cause: improper handling of year/month input leads to leakage of filesy...
CVE-2005-1145
NOTE: this issue has been disputed by the vendor. Cross-site scripting XSS vulnerability in calendar.pl in CalendarScript 3.20 allows remote attackers to inject arbitrary web script or HTML via the template parameter, a different vulnerability than CVE-2005-1146...
CVE-2005-1147
calendar.pl in CalendarScript 3.20 allows remote attackers to obtain sensitive information via invalid 1 calendar or 2 template parameters, which leaks the full pathname and debug information...
CVE-2005-1146
NOTE: this issue has been disputed by the vendor. Cross-site scripting XSS vulnerability in the login command in calendar.pl in CalendarScript 3.21 allows remote attackers to inject arbitrary web script or HTML via the username parameter, a different vulnerability than CVE-2005-1145...
PT-2005-2162 · Calendarscript · Calendarscript
Name of the Vulnerable Software and Affected Versions: CalendarScript version 3.21 Description: A cross-site scripting XSS issue exists in the login command of calendar.pl, allowing remote attackers to inject arbitrary web script or HTML via the username parameter. Recommendations: For...
PT-2005-2161 · Calendarscript · Calendarscript
Name of the Vulnerable Software and Affected Versions: CalendarScript version 3.20 Description: A cross-site scripting XSS issue exists, allowing remote attackers to inject arbitrary web script or HTML via the template parameter in the calendar.pl file. This issue is disputed by the vendor...