CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

No description provided by source. source: http://www.securityfocus.com/bid/15636/info ltwCalendar is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could...

7.1AI score

Exploits0

NVD•added 2006/12/02 2:28 a.m.•14 views

CVE-2006-6229

Codewalkers ltwCalendar aka PHP Event Calendar before 4.2.1 logs failed passwords, which might allow attackers to infer correct passwords from the log file...

5CVSS6.6AI score0.00343EPSS

Exploits0References1

ATTACKERKB•added 2006/12/02 2:28 a.m.•1 views

CVE-2006-6228

Cross-site scripting XSS vulnerability in Codewalkers ltwCalendar aka PHP Event Calendar before 4.2.1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors...

6.8CVSS5.7AI score0.00867EPSS

Exploits0References2

ATTACKERKB•added 2006/12/02 2:28 a.m.•2 views

CVE-2006-6229

Codewalkers ltwCalendar aka PHP Event Calendar before 4.2.1 logs failed passwords, which might allow attackers to infer correct passwords from the log file...

5CVSS5.5AI score0.00343EPSS

Exploits0References2

CVE•added 2006/12/02 2:0 a.m.•43 views

CVE-2006-6228

CVE-2006-6228 is an XSS vulnerability in Codewalkers ltwCalendar (also called PHP Event Calendar) prior to 4.2.1. Remote attackers can inject arbitrary HTML or web script via unknown vectors. The NVD record notes a CVSSv2 base score of 6.8 (MEDIUM) with network attack vector, no authentication, a...

6.8CVSS6.1AI score0.00867EPSS

Exploits0References1Affected Software1

Cvelist•added 2006/12/02 2:0 a.m.•17 views

CVE-2006-6229

Codewalkers ltwCalendar aka PHP Event Calendar before 4.2.1 logs failed passwords, which might allow attackers to infer correct passwords from the log file...

6.6AI score0.00343EPSS

Exploits0References1

CVE•added 2006/12/02 2:0 a.m.•42 views

CVE-2006-6229

The CVE-2006-6229 entry affects Codewalkers ltwCalendar (aka PHP Event Calendar) prior to 4.2.1. The underlying issue is that failed login attempts are logged, which could allow an attacker to infer correct passwords from the log file. The available records specify the affected software and the v...

5CVSS6.9AI score0.00343EPSS

Exploits0References1Affected Software1

Cvelist•added 2006/12/02 2:0 a.m.•19 views

CVE-2006-6228

Cross-site scripting XSS vulnerability in Codewalkers ltwCalendar aka PHP Event Calendar before 4.2.1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors...

5.8AI score0.00867EPSS

Exploits0References1

securityvulns•added 2006/11/22 12:0 a.m.•35 views

ltwCalendar => 4.2.1 Remote File Include Vulnerabilities

""""""""""""""""""""""""""""""""""""""""""""""" """ :: :: ::::: :::: """ """ :: :: :: : :: """ """ :::: :: :: ::::: ::::: :::: """ """ :: :: ::: ::: :: :: :: :: :: """ """ :: :: :: : : ::::: :: :: :::: """ """ """ """"""""""""""""""""""""""""""""""""""""""""""" Xmor$ DigitaL Hacking TeaM...

1.5AI score

Exploits0

Packet Storm•added 2006/11/21 12:0 a.m.•22 views

ltw421.txt

7.4AI score

Exploits0

CVE•added 2006/06/15 10:0 a.m.•35 views

CVE-2006-3041

CVE-2006-3041 : Codewalkers Ltwcalendar 4.1.3 is described as vulnerable to a PHP remote file inclusion in calendar.php via the ltw_config[include_dir] parameter, potentially allowing remote code execution. The CVE notes that this claim is disputed because the $ltw_config[include_dir] variable is...

7.5CVSS7.9AI score0.01402EPSS

Exploits0References4Affected Software1

Cvelist•added 2006/06/15 10:0 a.m.•14 views

CVE-2006-3041

PHP remote file inclusion vulnerability in Ltwcalendar/calendar.php in Codewalkers Ltwcalendar 4.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the ltwconfigincludedir parameter. NOTE: CVE disputes this claim, since the $ltwconfigincludedir variable is defined as a static...

7.5AI score0.01402EPSS

Exploits0References4

securityvulns•added 2006/06/15 12:0 a.m.•26 views

Ltwcalendar 4.1.3 version - Remote File Include Vulnerabilities

SaVSaK.CoM | SpC-x - TheBeKiR | Ltwcalendar 4.1.3 version - Remote File Include Vulnerabilities Risk : High Class: Remote Script : Ltwcalendar Credits : SpC-x Thanks : TheBeKiR - Ejder - FasTBoY - ERNE - RMx Code : requireonce'./private/ltwconfig.php';...

1.3AI score

Exploits0

Positive Technologies•added 2006/06/15 12:0 a.m.•2 views

PT-2006-3946 · Codewalkers · Ltwcalendar

Name of the Vulnerable Software and Affected Versions: Codewalkers Ltwcalendar version 4.1.3 Description: The issue allows remote attackers to potentially execute arbitrary PHP code via a URL in the ltw configinclude dir parameter in the Ltwcalendar/calendar.php file. However, it is noted that th...

7.5CVSS7.7AI score0.01402EPSS

Exploits0References6

Packet Storm•added 2006/06/15 12:0 a.m.•27 views

ltwcalendar.txt

7.4AI score

Exploits0

NVD•added 2005/12/05 11:3 a.m.•9 views

CVE-2005-4011

SQL injection vulnerability in calendar.php in Codewalkers ltwCalendar aka PHP Event Calendar 4.2, 4.1.3, and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter...

7.5CVSS8.4AI score0.01817EPSS

Exploits0References15

CVE•added 2005/12/05 11:0 a.m.•44 views

CVE-2005-4011

The CVE-2005-4011 vulnerability affects Codewalkers ltwCalendar (aka PHP Event Calendar) and involves a SQL injection in calendar.php via the id parameter. Affected versions are 4.2, 4.1.3 and earlier. The underlying issue is improper input handling that allows remote attackers to execute arbitra...

7.5CVSS8.9AI score0.01817EPSS

Exploits0References15Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by