Lucene search
+L

90 matches found

securityvulns
securityvulns
added 2011/05/21 12:0 a.m.63 views

HTB22981: Multiple XSS (Cross Site Scripting) vulnerabilities in PHP Calendar Basic

Vulnerability ID: HTB22981 Reference: http://www.htbridge.ch/advisory/multiplexsscrosssitescriptingvulnerabilitiesinphpcalendarbasic.html Product: PHP Calendar Basic Vendor: Kubelabs.com http://www.kubelabs.com/ Vulnerable Version: 2.3 and probably prior versions Vendor Notification: 03 May 2011...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2011/05/18 12:0 a.m.21 views

PHP Calendar Basic 2.3 Cross Site Scripting

Vulnerability ID: HTB22981 Reference: http://www.htbridge.ch/advisory/multiplexsscrosssitescriptingvulnerabilitiesinphpcalendarbasic.html Product: PHP Calendar Basic Vendor: Kubelabs.com http://www.kubelabs.com/ Vulnerable Version: 2.3 and probably prior versions Vendor Notification: 03 May 2011...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2011/05/17 12:0 a.m.25 views

PHP Calendar Basic 2.3 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/47887/info PHP Calendar Basic is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2011/05/17 12:0 a.m.9 views

PHP Calendar Basic 2.3 - Multiple Cross-Site Scripting Vulnerabilities

PHP Calendar Basic 2.3 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/47887/info PHP Calendar Basic is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues ...

0.1AI score
Exploits0
htbridge
htbridge
added 2011/05/03 12:0 a.m.19 views

Cross-site Scripting (XSS) Vulnerabilities in PHP Calendar Basic

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in PHP Calendar Basic which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerabilities in PHP Calendar Basic 1.1 The vulnerability exists due to input sanitation errors in...

4.3CVSS6.5AI score
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2010/05/28 12:0 a.m.17 views

PHP-Calendar 'description' and 'lastaction' Cross Site Scripting Vulnerabilities

PHP-Calendar is prone to Cross Site Scripting vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

4.3CVSS6.4AI score0.01263EPSS
Exploits0References5
NVD
NVD
added 2010/05/25 2:30 p.m.17 views

CVE-2010-2041

Multiple cross-site scripting XSS vulnerabilities in index.php in PHP-Calendar before 2.0 Beta7 allow remote attackers to inject arbitrary web script or HTML via the 1 description and 2 lastaction parameters...

4.3CVSS5.8AI score0.01263EPSS
Exploits0References7
Prion
Prion
added 2010/05/25 2:30 p.m.13 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in index.php in PHP-Calendar before 2.0 Beta7 allow remote attackers to inject arbitrary web script or HTML via the 1 description and 2 lastaction parameters...

4.3CVSS6.1AI score0.01263EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2010/05/25 2:0 p.m.43 views

CVE-2010-2041

PHP-Calendar is prone to Cross Site Scripting (XSS) in index.php, specifically via the parameters (1) description and (2) lastaction, affecting versions before 2.0 Beta7. The vulnerability allows remote attackers to inject arbitrary script/HTML in the web page. Affected product: PHP-Calendar; the...

4.3CVSS5.9AI score0.01263EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2010/05/25 2:0 p.m.23 views

CVE-2010-2041

Multiple cross-site scripting XSS vulnerabilities in index.php in PHP-Calendar before 2.0 Beta7 allow remote attackers to inject arbitrary web script or HTML via the 1 description and 2 lastaction parameters...

5.8AI score0.01263EPSS
Exploits0References7
securityvulns
securityvulns
added 2010/05/25 12:0 a.m.50 views

PHP-Calendar "description" and "lastaction" Cross Site Scripting Vulnerabilities

PHP-Calendar "description" and "lastaction" Cross Site Scripting Vulnerabilities I. BACKGROUND --------------------- "PHP-Calendar is a simple web calendar. It is targeted towards groups that need to collaboratively create and track events. In that same collaborative spirit, the source for...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2010/05/25 12:0 a.m.68 views

PHP-Calendar "description" and "lastaction" Cross Site Scripting Vulnerabilities

PHP-Calendar "description" and "lastaction" Cross Site Scripting Vulnerabilities I. BACKGROUND --------------------- "PHP-Calendar is a simple web calendar. It is targeted towards groups that need to collaboratively create and track events. In that same collaborative spirit, the source for...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2010/05/21 12:0 a.m.65 views

Cacti Multiple Parameter Cross Site Scripting Vulnerabilities

Cacti Multiple Parameter Cross Site Scripting Vulnerabilities I. BACKGROUND --------------------- "Cacti is a complete network graphing solution designed to harness the power of RRDTool's data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple da...

Exploits0
OpenVAS
OpenVAS
added 2009/12/31 12:0 a.m.9 views

PHP-Calendar Version Detection

This script detects the installed version of PHP-Calendar. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.3AI score
Exploits0
OpenVAS
OpenVAS
added 2009/12/31 12:0 a.m.22 views

PHP-Calendar Multiple Remote And Local File Inclusion Vulnerabilities

PHP-Calendar is prone to Remote And Local File Inclusion vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS6.5AI score0.02447EPSS
Exploits2References3
seebug.org
seebug.org
added 2009/12/25 12:0 a.m.26 views

PHP-Calendar configfile变量远程文件包含漏洞

CVECAN ID: CVE-2009-3702 php-Calendar是一款基于WEB的日历事务系统。 PHP-Calendar中存在多个绝对路径遍历漏洞,远程攻击者可以通过在提交给update08.php或update10.ph的configfile参数中的完整路径名导致包含并执行任意本地文件。以下是有漏洞的代码段: 36 elseif!empty$GET'configfile' 37 iffileexists$GET'configfile' 38 requireonce$GET'configfile'; PHP-Calendar 1.1 临时解决方法:...

7.5CVSS0.1AI score0.02447EPSS
Exploits2
NVD
NVD
added 2009/12/22 7:30 p.m.32 views

CVE-2009-3702

Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 allow remote attackers to include and execute arbitrary local files via a full pathname in the configfile parameter to 1 update08.php or 2 update10.php. NOTE: in some environments, this can be leveraged for remote file inclusion...

7.5CVSS7.2AI score0.02447EPSS
Exploits2References1
Prion
Prion
added 2009/12/22 7:30 p.m.18 views

Path traversal

Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 allow remote attackers to include and execute arbitrary local files via a full pathname in the configfile parameter to 1 update08.php or 2 update10.php. NOTE: in some environments, this can be leveraged for remote file inclusion...

7.5CVSS7.8AI score0.02447EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2009/12/22 7:0 p.m.50 views

CVE-2009-3702

CVE-2009-3702 affects PHP-Calendar 1.1, where the configfile parameter in update08.php and update10.php allows including arbitrary local files and can enable remote file inclusion in some environments (e.g., UNC paths, ftp/ftps/ssh2 URLs). The root cause is inadequate filtering of $GET['configfil...

7.5CVSS7.2AI score0.02447EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2009/12/22 7:0 p.m.42 views

CVE-2009-3702

Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 allow remote attackers to include and execute arbitrary local files via a full pathname in the configfile parameter to 1 update08.php or 2 update10.php. NOTE: in some environments, this can be leveraged for remote file inclusion...

7.2AI score0.02447EPSS
Exploits2References1
Rows per page
Query Builder