EUVD-2025-200975

The Fluent Booking plugin for WordPress is vulnerable to unauthorized calendar import and management due to a missing capability check on the "importCalendar" function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with subscriber level access an...

The vulnerability in the web application for data synchronization with ownCloud allows a hacker to read data from arbitrary calendars.

The vulnerability in the web application for data synchronization with ownCloud relates to bypassing authentication by using a user-controlled key. Exploiting this vulnerability allows an attacker, operating remotely, to read data from arbitrary calendars by manipulating the...

CVE-2013-0304

ownCloud Server before 4.5.7 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to /apps/calendar/export.php. NOTE: this issue has been reported as a cross-site request forgery CSRF vulnerability, but due to...

UBUNTU-CVE-2013-2043

apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before 5.0.6 does not properly check the ownership of a calendar, which allows remote authenticated users to download arbitrary calendars via the calendarid parameter...