33 matches found
EUVD-2004-1905
Malware in sbrugna...
EUVD-2004-1907
Malware in sbrugna...
EUVD-2004-1906
Malware in sbrugna...
NukeCalendar 1.1 .a modules.php Path Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/10082/info NukeCalendar, which is a third-party calendar module for PHP-Nuke, is prone to multiple vulnerabilities. These issues include path disclosure, SQL injection and cross-site scripting. Possible consequences inclu...
NukeCalendar 1.1 .a block-Calendar.php Path Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/10082/info NukeCalendar, which is a third-party calendar module for PHP-Nuke, is prone to multiple vulnerabilities. These issues include path disclosure, SQL injection and cross-site scripting. Possible consequences inclu...
NukeCalendar 1.1 .a eid Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/10082/info NukeCalendar, which is a third-party calendar module for PHP-Nuke, is prone to multiple vulnerabilities. These issues include path disclosure, SQL injection and cross-site scripting. Possible consequences inclu...
NukeCalendar 1.1 .a block-Calendar_center.php Path Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/10082/info NukeCalendar, which is a third-party calendar module for PHP-Nuke, is prone to multiple vulnerabilities. These issues include path disclosure, SQL injection and cross-site scripting. Possible consequences inclu...
NukeCalendar 1.1 .a block-Calendar1.php Path Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/10082/info NukeCalendar, which is a third-party calendar module for PHP-Nuke, is prone to multiple vulnerabilities. These issues include path disclosure, SQL injection and cross-site scripting. Possible consequences inclu...
NukeCalendar 1.1 .a eid Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/10082/info NukeCalendar, which is a third-party calendar module for PHP-Nuke, is prone to multiple vulnerabilities. These issues include path disclosure, SQL injection and cross-site scripting. Possible consequences inclu...
event calendar Multiple Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/11693/info Event Calendar is prone to multiple input validation vulnerabilities. These issues include HTML injection and cross-site scripting. The following specific vulnerabilities were reported: A cross-site scripting...
CVE-2004-1914
SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to execute arbitrary SQL commands via the eid parameter...
CVE-2004-1914
Affected software : NukeCalendar 1.1.a as used in PHP-Nuke. Vulnerability : SQL injection in modules.php via the eid parameter. This allows remote attackers to execute arbitrary SQL commands. Impact : Partial confidentiality, integrity, and availability impact as per CVSS; attacker can compromise...
CVE-2004-1913
The CVE-2004-1913 entry documents a cross-site scripting (XSS) vulnerability in the NukeCalendar 1.1.a module (as used in PHP-Nuke), exploitable via the eid parameter in modules.php. This allows remote attackers to inject arbitrary web script or HTML. The available references confirm the affected...
CVE-2004-1912
The CVE-2004-1912 issue affects NukeCalendar 1.1.a (as used in PHP-Nuke). The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, and (4) block-Calendar_center.php scripts can disclose the full filesystem path via an error message when a URL with an invalid argument is requested. Th...
CVE-2004-1912
The 1 modules.php, 2 block-Calendar.php, 3 block-Calendar1.php, 4 block-Calendarcenter.php scripts in NukeCalendar 1.1.a, as used in PHP-Nuke, allow remote attackers to obtain sensitive information via a URL with an invalid argument, which reveals the full path in an error message...
CVE-2004-1913
Cross-site scripting XSS vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to inject arbitrary web script or HTML via the eid parameter...
CVE-2004-1914
SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to execute arbitrary SQL commands via the eid parameter...
CVE-2004-1913
Cross-site scripting XSS vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to inject arbitrary web script or HTML via the eid parameter...
CVE-2004-1912
The 1 modules.php, 2 block-Calendar.php, 3 block-Calendar1.php, 4 block-Calendarcenter.php scripts in NukeCalendar 1.1.a, as used in PHP-Nuke, allow remote attackers to obtain sensitive information via a URL with an invalid argument, which reveals the full path in an error message...
[waraxe-2004-SA#015 - Multiple vulnerabilities in NukeCalendar v1.1.a]
================================================================================ waraxe-2004-SA015 ================================================================================ Multiple vulnerabilities in NukeCalendar v1.1.a...