125 matches found
WP-Cal 0.3 - editevent.php SQL Injection
The wp-cal WordPress plugin was affected by an editevent.php SQL Injection security vulnerability...
ACME Perl-Cal 2.99 Cal_make.PL Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15779/info Perl-Cal is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary scrip...
WordPress ZdStatistics Plugin <= 2.0.1 - XSS
Because of this vulnerability in cal/test.php, the attackers can inject arbitrary web script or HTML via the "lang" parameter. Solution Update the plugin...
Privilege escalation
Cisco ONS 15454 controller cards with software 9.6 and earlier allow remote attackers to cause a denial of service card reset via a TCP FIN attack that triggers file-descriptor exhaustion and a failure to open a CAL pipe, aka Bug ID CSCug97348...
Cisco ONS 15454 Controller Card Denial of Service Vulnerability
A vulnerability in the code of the Cisco ONS 15454 Controller Cards could allow an unauthenticated, remote attacker to cause the control card to reset. The vulnerability is due to improper instructions to reload the controller card. A CAL pipe fails to open when the file descriptors are exhausted...
14,000 Californians at Risk Following Medi-Cal, DHCS Breach
Medi-Cal, California’s Medicaid welfare program, came clean to customers this week admitting it mistakenly posted almost 14,000 of its users’ Social Security numbers online last month. Providers of In-Home Supportive Services IHSS care in 25 counties are affected by the breach, according to a...
Design/Logic Flaw
Untrusted search path vulnerability in ALSee 6.20.0.1 allows local users to gain privileges via a Trojan horse patchani.dll file in the current working directory, as demonstrated by a directory that contains a .ani, .bmp, .cal, .hdp, .jpe, .mac, .pbm, .pcx, .pgm, .png, .psd, .ras, .tga, or .tiff...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in calendar.class.php in ApPHP Calendar ApPHP CAL allow remote attackers to hijack the authentication of unspecified victims for requests that use the 1 categoryname, 2 categorydescription, 3 eventname, or 4 eventdescription parameter...
CVE-2010-4881
Affected product : ApPHP Calendar (ApPHP CAL), specifically the calendar.class.php component. Vulnerability : Multiple cross-site request forgery (CSRF) weaknesses that allow remote attackers to hijack an authenticated user’s session for requests using one of four parameters: category_name, categ...
Microsoft License Logging Server RPC Call Heap Overflow (MS09-064; CVE-2009-2523)
The License Logging service is a tool that was originally designed to help customers manage licenses for the Microsoft server products that are licensed in the Server Client Access License CAL model. License Logging service is one of the services used by Windows Small Business Server 2003 or...
php Download Manager <= 1.1 Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications ============================================================== php Download Manager This page has no content."; ? Exploit : Vuln.Com/include/body.inc.php?content=../../etc/passwd ---------------------------- INDEPENDENT KOSOVA H ARNAVUT...
CVE-2008-0490
SQL injection vulnerability in functions/editevent.php in the WP-Cal 0.3 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter...
Sql injection
SQL injection vulnerability in functions/editevent.php in the WP-Cal 0.3 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2008-0490
SQL injection vulnerability in functions/editevent.php in the WP-Cal 0.3 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2008-0490
The WP-Cal 0.3 WordPress plugin contains an SQL injection in functions/editevent.php, exploitable via the id parameter. This affects the plugin’s ability to process events and can lead to arbitrary SQL execution. Connected sources confirm the component and parameter, with remediation guidance to ...
Wordpress Plugin WP-Cal 0.3 editevent.php SQL Injection Vulnerability
No description provided by source. -------------------------------------------------------------- H-T Team HouSSaMix + ToXiC350 from MoroCCo -------------------------------------------------------------- Author : Houssamix From H-T Team Script : Wordpress Plugin WP-Cal Download :...
wpcal-sql.txt
-------------------------------------------------------------- H-T Team HouSSaMix + ToXiC350 from MoroCCo -------------------------------------------------------------- Author : Houssamix From H-T Team Script : Wordpress Plugin WP-Cal Download : http://www.fahlstad.se/wp-plugins/wp-cal/ BUG :...
WordPress Plugin WP-Cal 0.3 - editevent.php SQL Injection
WordPress Plugin WP-Cal 0.3 - editevent.php SQL Injection -------------------------------------------------------------- H-T Team HouSSaMix + ToXiC350 from MoroCCo -------------------------------------------------------------- Author : Houssamix From H-T Team Script : Wordpress Plugin WP-Cal...
WordPress Plugin WP-Cal 0.3 - 'editevent.php' SQL Injection
-------------------------------------------------------------- H-T Team HouSSaMix + ToXiC350 from MoroCCo -------------------------------------------------------------- Author : Houssamix From H-T Team Script : Wordpress Plugin WP-Cal Download : http://www.fahlstad.se/wp-plugins/wp-cal/ BUG :...
Unfixed XSS vulnerability at www.cal-agri.com
Security researcher Narcoticxs, has submitted on 12/09/2007 a cross-site-scripting XSS vulnerability affecting www.cal-agri.com, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 12/09/2007. It is currentl...