5 matches found
Debian Security Advisory DSA 1056-1 (webcalendar)
The remote host is missing an update to webcalendar announced via advisory DSA 1056-1. David Maciejak noticed that webcalendar, a PHP-Based multi-user calendar, returns different error messages on login attempts for an invalid password and a non-existing user, allowing remote attackers to gain...
[SECURITY] [DSA 1056-1] New webcalendar packages fix information leak
-------------------------------------------------------------------------- Debian Security Advisory DSA 1056-1 [email protected] http://www.debian.org/security/ Martin Schulze May 15th, 2006 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1056-1] New webcalendar packages fix information leak
-------------------------------------------------------------------------- Debian Security Advisory DSA 1056-1 [email protected] http://www.debian.org/security/ Martin Schulze May 15th, 2006 http://www.debian.org/security/faq -...
CVE-2006-2247
WebCalendar 1.0.1 to 1.0.3 generates different error messages depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames...
CVE-2006-2247
CVE-2006-2247 affects WebCalendar 1.0.1 through 1.0.3, where login responses differ depending on whether a username exists, enabling remote user enumeration. OpenVAS and Debian advisories describe this as a verbose error/information‑leak vulnerability in a PHP-based multi‑user calendar. The issue...