14 matches found
PT-2026-40839
Name of the Vulnerable Software and Affected Versions Date iCal versions 0.0.0 through 4.0.14 Description A missing authorization issue in the Date iCal module, which exports entity date fields as iCal feeds, allows forceful browsing. The module fails to sufficiently check entity or field access...
Date iCal - Critical - Information disclosure - SA-CONTRIB-2026-037
This module enables you to export entity date fields as iCal feeds. The module doesn't sufficiently check entity or field access or sanitize user inputs when generating iCal feeds. This vulnerability is not mitigated by any permission, the routes are accessible to all anonymous users with no...
CVE-2026-4801
The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via external iCal feed data in all versions up to, and including, 3.1.16 due to insufficient output escaping of event titles, descriptions, and locations fetched from external iCal feeds...
PT-2026-33588
Name of the Vulnerable Software and Affected Versions CoBlocks versions prior to 3.1.17 Description The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient output escaping of event titles, descriptions, and...
EUVD-2016-7122
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2016-6189
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the 1...
CVE-2023-1977
The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in it's admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the sites internal network...
PT-2023-19706 · Open Xchange · Ox App Suite
Name of the Vulnerable Software and Affected Versions: OX App Suite versions prior to 7.10.6-rev37 Description: The issue concerns the lack of HTTP header length checks when downloading data, such as iCal feeds. This could potentially allow a crafted feed to provide an excessive amount of header...
SUSE CVE-2016-6189
Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the 1 ics or 2 XML calendar feeds...
DEBIAN-CVE-2016-6189
Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the 1 ics or 2 XML calendar feeds...
CVE-2016-6189
Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the 1 ics or 2 XML calendar feeds...
CVE-2016-6189
Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the 1 ics or 2 XML calendar feeds...
UBUNTU-CVE-2016-6189
Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the 1 ics or 2 XML calendar feeds...
PT-2017-8927 · Inverse · Sogo
Name of the Vulnerable Software and Affected Versions: SOGo versions prior to 2.3.12 SOGo versions 3.x prior to 3.1.1 Description: The issue allows remote authenticated users to obtain sensitive information by reading specific fields in calendar feeds. This is due to an incomplete blacklist...