19 matches found
EUVD-2006-0188
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-16906
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a Calendar - New Event action. CVE-2017-16906 Note that Nessus relies on the presence of the...
Debian DLA-2351-1 : php-horde-kronolith security update
In Horde Groupware, there has been an XSS vulnerability that could be exploited via the URL field in a 'Calendar - New Event' action. For Debian 9 stretch, this problem has been fixed in version 4.2.19-1+deb9u2. We recommend that you upgrade your php-horde-kronolith packages. For the detailed...
[SECURITY] [DLA 2351-1] php-horde-kronolith security update
Debian LTS Advisory DLA-2351-1 [email protected] https://www.debian.org/lts/security/ Mike Gabriel August 29, 2020 https://wiki.debian.org/LTS Package : php-horde-kronolith Version : 4.2.19-1+deb9u2 CVE ID : CVE-2017-16906 Debian Bug : 909737 In Horde Groupware, there has been an XSS...
Horde Groupware Cross-Site Scripting Vulnerability (CNVD-2017-37742)
Horde Groupware is a free, enterprise-grade, browser-based collaboration suite. A cross-site scripting vulnerability exists in Horde Groupware version 5.2.19. A cross-site scripting attack can be performed via the URL field in the "Calendar - New Event" action, which can be used for remote code...
CVE-2017-16906
In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar - New Event" action...
DEBIAN-CVE-2017-16906
In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar - New Event" action...
UBUNTU-CVE-2017-16906
In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar - New Event" action...
Design/Logic Flaw
In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar - New Event" action...
CVE-2017-16906
In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar - New Event" action...
CVE-2017-16906
In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar - New Event" action...
CVE-2017-16906
CVE-2017-16906 affects Horde Groupware, specifically version 5.2.19–5.2.22, where an XSS vulnerability exists in the Calendar → New Event URL field. The vulnerability allows an attacker to inject HTML/JavaScript through the URL parameter, with potential for remote code execution as per CNVD descr...
Simple Php Agenda <= 2.2.8 CSRF (Add Admin/Add New Event)
Exploit for php platform in category web applications +--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Simple Php Agenda = 2.2.8 CSRF Add Admin/Add New Event Date : 29-03-2012 Author : Ivano Binetti...
CVE-2008-7018
Cross-site scripting XSS vulnerability in NashTech Easy PHP Calendar 6.3.25 allows remote attackers to inject arbitrary web script or HTML via the Details field descr parameter in an Add New Event action in an unspecified request as generated by an add action in index.php...
phpcal-xss.txt
============================================================== PHP Calendar Script Remote XSS Permanent Vulnerabilities ============================================================== ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team...
Cross site scripting
Cross-site scripting XSS vulnerability in Brown Bear iCal 3.10 allows remote attackers to inject arbitrary web script or HTML via the Calendar Text field when a new event is added. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-0924
Cross-site scripting XSS vulnerability in Brown Bear iCal 3.10 allows remote attackers to inject arbitrary web script or HTML via the Calendar Text field when a new event is added. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Cross site scripting
Cross-site scripting XSS vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the Title field on the "Adding New Event" page, and possibly other vectors, involving iframe tags...
CVE-2006-0180
Cross-site scripting XSS vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the Title field on the "Adding New Event" page, and possibly other vectors, involving iframe tags...