518 matches found
PT-2017-14242 · WordPress · Easyappointments
Name of the Vulnerable Software and Affected Versions: Easy Appointments plugin versions prior to 1.12.0. Description: The issue concerns a cross-site scripting (XSS) flaw. This flaw is located in the Settings values within the admin panel. Recommendations: For versions prior to 1.12.0, update to...
Easy Appointments <= 1.11.7 - Cross-Site Scripting (XSS)
The Easy Appointments WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability...
WordPress Appointments plugin <=2.2.1 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability found by Matt Barry (WordFence) in WordPress Appointments plugin versions <=2.2.1. Solution: Update the WordPress Appointments plugin to the latest available version (at least 2.2.2)...
VulnCheck KEV: CVE-2017-20206
The Appointments plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.2.1 via deserialization of untrusted input from the wpmudevappointments cookie. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting...
appointmentsorganizer.com XSS vulnerability
Vulnerable URL: https://www.appointmentsorganizer.com/slogin/login.php?appointid=15name=1"...
appointments.seizethedaymassage.com XSS vulnerability
Vulnerable URL: http://appointments.seizethedaymassage.com/department.asp?dept=%3Csvg/onload=alert/OPENBUGBOUNTY/%3E

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 29.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not...
Vik Appointments 1.4 and previous
Vik Appointments 1.4 and previous, SQL Injection Resolution: update to 1.5 Update notice: https://extensionsforjoomla.com/blog/12-updates/46-security-notices-sql-injection-reports...
Open-Xchange: Critical : View/Edit access to private appointments of calendar folder by read only user (Vertical privilege escalation)
Hi Team, Description: A read-only user of a calendar folder shouldn't be able to access any private appointments. I have found a move calendar folder request which is working for a read-only user. Once the attacker moves the appointment to his folder, he can access private appointments. Vulnerable HTTP...
Joomla Vik Appointments Component SQL Injection Vulnerability
Joomla is an open source content management system (CMS). A SQL injection vulnerability exists in the 'itemopt' parameter of the Joomla Vik Appointments component, which can be exploited by attackers to access or modify database data...
Joomla Vik Appointments 1.5 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component Vik Appointments v1.5 - SQL Injection Google Dork: inurl:index.php?option=comvikappointments Date: 15.03.2017 Vendor Homepage: https://extensionsforjoomla.com/ Software :...
Joomla Vik Appointments 1.5 SQL Injection
Exploit Title: Joomla! Component Vik Appointments v1.5 - SQL Injection Google Dork: inurl:index.php?option=comvikappointments Date: 15.03.2017 Vendor Homepage: https://extensionsforjoomla.com/ Software : https://extensionsforjoomla.com/livedemo/vikappointments/ Demo:...
Joomla! Component Vik Appointments 1.5 - SQL Injection
Joomla! Component Vik Appointments 1.5 - SQL Injection Exploit Title: Joomla! Component Vik Appointments v1.5 - SQL Injection Google Dork: inurl:index.php?option=comvikappointments Date: 15.03.2017 Vendor Homepage: https://extensionsforjoomla.com/ Software :...
Joomla! Component Vik Appointments 1.5 - SQL Injection
Exploit Title: Joomla! Component Vik Appointments v1.5 - SQL Injection Google Dork: inurl:index.php?option=comvikappointments Date: 15.03.2017 Vendor Homepage: https://extensionsforjoomla.com/ Software : https://extensionsforjoomla.com/livedemo/vikappointments/ Demo:...
Joomla Appointments for JomSocial 3.8.1 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component Appointments for JomSocial v3.8.1 - SQL Injection Google Dork: N/A Date: 25.02.2017 Vendor Homepage: https://www.cmsplugin.com/ Software :...
Joomla Appointments For JomSocial 3.8.1 SQL Injection
Exploit Title: Joomla! Component Appointments for JomSocial v3.8.1 - SQL Injection Google Dork: N/A Date: 25.02.2017 Vendor Homepage: https://www.cmsplugin.com/ Software : https://www.cmsplugin.com/products/components/1-appointments-for-jomsocial Demo:...
Joomla! Component Appointments for JomSocial 3.8.1 - SQL Injection
Joomla! Component Appointments for JomSocial 3.8.1 - SQL Injection Exploit Title: Joomla! Component Appointments for JomSocial v3.8.1 - SQL Injection Google Dork: N/A Date: 25.02.2017 Vendor Homepage: https://www.cmsplugin.com/ Software :...
Code injection
SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the "View the Date & Time" restriction, as demonstrated by correlating UIDs and DTSTAMPs between all...
CVE-2016-6190
SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the "View the Date & Time" restriction, as demonstrated by correlating UIDs and DTSTAMPs between all...
Cross site request forgery (csrf)
eClinicalWorks Population Health CCMR suffers from a cross-site request forgery (CSRF) vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content administrators for requests that could lead to the creation, modification and deletion of users,...