EUVD-2019-6034

Malware in sbrugna...

CVE-2023-3564

A vulnerability was found in GZ Scripts GZ Multi Hotel Booking System 1.8. It has been classified as problematic. Affected is an unknown function of the file /index.php. The manipulation of the argument adults/children/calid leads to cross site scripting. It is possible to launch the attack...

CVE-2023-3564 GZ Scripts GZ Multi Hotel Booking System index.php cross site scripting

A vulnerability was found in GZ Scripts GZ Multi Hotel Booking System 1.8. It has been classified as problematic. Affected is an unknown function of the file /index.php. The manipulation of the argument adults/children/calid leads to cross site scripting. It is possible to launch the attack...

Sql injection

REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the calid parameter, such as calid=55 and sleep3 to Calendar/calendarpopupajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to compromise all data...

CVE-2018-8927

Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the 1 calid or 2 originalcalid parameter...

Employee Work Schedule 5.9 - cal_id SQL Injection

Employee Work Schedule 5.9 - calid SQL Injection Exploit Title: EWS 5.9 - 'search' SQL Injection Dork: N/A Date: 25.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/employee-work-schedule-multicalendar/10545683 Version: 5.9 Category: Webapps Tested on...

Sql injection

SQL injection vulnerability in MyPhPim 01.05 allows remote attackers to execute arbitrary SQL commands via the 1 calid parameter in calendar.php3 and the 2 password field on the login page...