5 matches found
EUVD-2006-6013
Malware in sbrugna...
CVE-2006-6030
Multiple SQL injection vulnerabilities in E-Calendar Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the 1 username and 2 passwd Password fields in a admin/default.asp; or the 3 Event Title, 4 Location, or 5 Description field when making a search engine query in b search.asp...
CVE-2006-6030
Multiple SQL injection vulnerabilities affect E-Calendar Pro 3.0. Remote attackers can execute arbitrary SQL via (1) username and (2) passwd fields in admin/default.asp or (3) Event Title, (4) Location, or (5) Description in search.asp, as described for CVE-2006-6030. The underlying issue is impr...
CVE-2006-6030
Multiple SQL injection vulnerabilities in E-Calendar Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the 1 username and 2 passwd Password fields in a admin/default.asp; or the 3 Event Title, 4 Location, or 5 Description field when making a search engine query in b search.asp...
E-Calendar Pro 3.0 [ login bypass & injection sql (post)]
vendor site:http://www.futuretec-soft.com/ product:E-Calendar Pro 3.0 bug:login bypass & injection sql post risk:high login bypass : username: 'or''=' passwd: 'or''=' injection sql post: in : /search.asp post your query into the search engine . laurent gaffie & benjamin mosse http://s-a-p.ca/...