12 matches found
CVE-2026-43882
CVE-2026-43882 affects WWBN AVideo up to v29.0 via an unauthenticated endpoint plugin/Scheduler/downloadICS.php that passes user-controlled title, date_start, description and joinURL into Scheduler::downloadICS(), building an ICS calendar. ICS::escape_string() only escapes comma and semicolon, no...
EUVD-2013-0318
Malware in sbrugna...
Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability
Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an...
CVE-2022-32739
When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number...
libical: Multiple use-after-free vulnerabilities
libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file...
libical: Multiple use-after-free vulnerabilities
libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file...
Libical heap overflow vulnerability (CNVD-2017-03332)
Libical is an open source implementation of the iCalendar protocol and protocol data unit. A heap overflow vulnerability exists in libical version 1.0. An attacker can cause a denial of service (use-after-free) via a specially crafted ics file...
Libical Denial of Service Vulnerability (CNVD-2017-03333)
Libical is an open source implementation of the iCalendar protocol and protocol data unit. A denial of service vulnerability exists in the icalproperty_new_clone function in Libical. A remote attacker can cause a denial of service (use-after-free) via a specially crafted ics file...
UBUNTU-CVE-2016-5823
The icalproperty_new_clone function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted iCalendar file to the calendar application, the (2) dir or (3) file parameter to apps/files_pdfviewer/viewer.php, or the (4) mountpoint parameter...
CVE-2013-0298
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted iCalendar file to the calendar application, the (2) dir or (3) file parameter to apps/files_pdfviewer/viewer.php, or the (4) mountpoint parameter...
Server: Multiple XSS vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.6 and 4.0.11 and all prior versions allow remote attackers to inject arbitrary web script or HTML via the "sitename" and "siteurl" POST parameters to setsites.php in /apps/external/ajax/ CVE-2013-0297 Commits: e0140a stable45,...