90 matches found
HTB22981: Multiple XSS (Cross Site Scripting) vulnerabilities in PHP Calendar Basic
Vulnerability ID: HTB22981 Reference: http://www.htbridge.ch/advisory/multiplexsscrosssitescriptingvulnerabilitiesinphpcalendarbasic.html Product: PHP Calendar Basic Vendor: Kubelabs.com http://www.kubelabs.com/ Vulnerable Version: 2.3 and probably prior versions Vendor Notification: 03 May 2011...
PHP Calendar Basic 2.3 Cross Site Scripting
Vulnerability ID: HTB22981 Reference: http://www.htbridge.ch/advisory/multiplexsscrosssitescriptingvulnerabilitiesinphpcalendarbasic.html Product: PHP Calendar Basic Vendor: Kubelabs.com http://www.kubelabs.com/ Vulnerable Version: 2.3 and probably prior versions Vendor Notification: 03 May 2011...
PHP Calendar Basic 2.3 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/47887/info PHP Calendar Basic is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user...
PHP Calendar Basic 2.3 - Multiple Cross-Site Scripting Vulnerabilities
PHP Calendar Basic 2.3 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/47887/info PHP Calendar Basic is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues ...
Cross-site Scripting (XSS) Vulnerabilities in PHP Calendar Basic
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in PHP Calendar Basic which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerabilities in PHP Calendar Basic 1.1 The vulnerability exists due to input sanitation errors in...
PHP-Calendar 'description' and 'lastaction' Cross Site Scripting Vulnerabilities
PHP-Calendar is prone to Cross Site Scripting vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2010-2041
Multiple cross-site scripting XSS vulnerabilities in index.php in PHP-Calendar before 2.0 Beta7 allow remote attackers to inject arbitrary web script or HTML via the 1 description and 2 lastaction parameters...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in index.php in PHP-Calendar before 2.0 Beta7 allow remote attackers to inject arbitrary web script or HTML via the 1 description and 2 lastaction parameters...
CVE-2010-2041
PHP-Calendar is prone to Cross Site Scripting (XSS) in index.php, specifically via the parameters (1) description and (2) lastaction, affecting versions before 2.0 Beta7. The vulnerability allows remote attackers to inject arbitrary script/HTML in the web page. Affected product: PHP-Calendar; the...
CVE-2010-2041
Multiple cross-site scripting XSS vulnerabilities in index.php in PHP-Calendar before 2.0 Beta7 allow remote attackers to inject arbitrary web script or HTML via the 1 description and 2 lastaction parameters...
PHP-Calendar "description" and "lastaction" Cross Site Scripting Vulnerabilities
PHP-Calendar "description" and "lastaction" Cross Site Scripting Vulnerabilities I. BACKGROUND --------------------- "PHP-Calendar is a simple web calendar. It is targeted towards groups that need to collaboratively create and track events. In that same collaborative spirit, the source for...
PHP-Calendar "description" and "lastaction" Cross Site Scripting Vulnerabilities
PHP-Calendar "description" and "lastaction" Cross Site Scripting Vulnerabilities I. BACKGROUND --------------------- "PHP-Calendar is a simple web calendar. It is targeted towards groups that need to collaboratively create and track events. In that same collaborative spirit, the source for...
Cacti Multiple Parameter Cross Site Scripting Vulnerabilities
Cacti Multiple Parameter Cross Site Scripting Vulnerabilities I. BACKGROUND --------------------- "Cacti is a complete network graphing solution designed to harness the power of RRDTool's data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple da...
PHP-Calendar Version Detection
This script detects the installed version of PHP-Calendar. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PHP-Calendar Multiple Remote And Local File Inclusion Vulnerabilities
PHP-Calendar is prone to Remote And Local File Inclusion vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
PHP-Calendar configfile变量远程文件包含漏洞
CVECAN ID: CVE-2009-3702 php-Calendar是一款基于WEB的日历事务系统。 PHP-Calendar中存在多个绝对路径遍历漏洞,远程攻击者可以通过在提交给update08.php或update10.ph的configfile参数中的完整路径名导致包含并执行任意本地文件。以下是有漏洞的代码段: 36 elseif!empty$GET'configfile' 37 iffileexists$GET'configfile' 38 requireonce$GET'configfile'; PHP-Calendar 1.1 临时解决方法:...
CVE-2009-3702
Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 allow remote attackers to include and execute arbitrary local files via a full pathname in the configfile parameter to 1 update08.php or 2 update10.php. NOTE: in some environments, this can be leveraged for remote file inclusion...
Path traversal
Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 allow remote attackers to include and execute arbitrary local files via a full pathname in the configfile parameter to 1 update08.php or 2 update10.php. NOTE: in some environments, this can be leveraged for remote file inclusion...
CVE-2009-3702
CVE-2009-3702 affects PHP-Calendar 1.1, where the configfile parameter in update08.php and update10.php allows including arbitrary local files and can enable remote file inclusion in some environments (e.g., UNC paths, ftp/ftps/ssh2 URLs). The root cause is inadequate filtering of $GET['configfil...
CVE-2009-3702
Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 allow remote attackers to include and execute arbitrary local files via a full pathname in the configfile parameter to 1 update08.php or 2 update10.php. NOTE: in some environments, this can be leveraged for remote file inclusion...