60 matches found
EUVD-2006-6212
Malware in sbrugna...
EUVD-2006-4812
Malware in sbrugna...
EUVD-2021-29063
Malicious code in bioql PyPI...
EUVD-2021-29064
Malicious code in bioql PyPI...
CVE-2021-42078
PHP Event Calendar through 2021-11-04 allows persistent cross-site scripting XSS, as demonstrated by the /server/ajax/eventsmanager.php title parameter. This can be exploited by an adversary in multiple ways, e.g., to perform actions on the page in the context of other users, or to deface the sit...
PHP Event Calendar SQL Injection (CVE-2021-42077)
An SQL injection vulnerability exists in PHP Event Calendar. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
CVE-2021-42078
PHP Event Calendar through 2021-11-04 allows persistent cross-site scripting XSS, as demonstrated by the /server/ajax/eventsmanager.php title parameter. This can be exploited by an adversary in multiple ways, e.g., to perform actions on the page in the context of other users, or to deface the sit...
CVE-2021-42078
PHP Event Calendar through 2021-11-04 allows persistent cross-site scripting XSS, as demonstrated by the /server/ajax/eventsmanager.php title parameter. This can be exploited by an adversary in multiple ways, e.g., to perform actions on the page in the context of other users, or to deface the sit...
Cross site scripting
PHP Event Calendar through 2021-11-04 allows persistent cross-site scripting XSS, as demonstrated by the /server/ajax/eventsmanager.php title parameter. This can be exploited by an adversary in multiple ways, e.g., to perform actions on the page in the context of other users, or to deface the sit...
Sql injection
PHP Event Calendar before 2021-09-03 allows SQL injection, as demonstrated by the /server/ajax/usermanager.php username parameter. This can be used to execute SQL statements directly on the database, allowing an adversary in some cases to completely compromise the database system. It can also be...
CVE-2021-42078
PHP Event Calendar through 2021-11-04 allows persistent cross-site scripting XSS, as demonstrated by the /server/ajax/eventsmanager.php title parameter. This can be exploited by an adversary in multiple ways, e.g., to perform actions on the page in the context of other users, or to deface the sit...
CVE-2021-42077
CVE-2021-42077 affects PHP Event Calendar Lite edition prior to 2021-09-03. Multiple connected sources confirm an SQL injection vulnerability exploitable via the /server/ajax/user_manager.php username parameter, enabling execution of arbitrary SQL and, in some cases, bypassing login. The issue is...
PHP Event Calendar Lite Edition SQL Injection Vulnerability
Product: PHP Event Calendar Manufacturer: Kayson Group Ltd. Affected Versions: PHP Event Calendar Lite edition Tested Versions: PHP Event Calendar Lite edition Vulnerability Type: SQL injection CWE-89 Risk Level: High Solution Status: Closed Manufacturer Notification: 2021-08-09 Solution Date:...
PHP Event Calendar Lite Edition Cross Site Scripting Vulnerability
Product: PHP Event Calendar Manufacturer: Kayson Group Ltd. Affected Versions: PHP Event Calendar Lite edition Tested Versions: PHP Event Calendar Lite edition Vulnerability Type: Cross-site Scripting CWE-79 Risk Level: High Solution Status: Open Manufacturer Notification: 2021-08-09 Public...
PHP Event Calendar Lite Edition Cross Site Scripting
Advisory ID: SYSS-2021-049 Product: PHP Event Calendar Manufacturer: Kayson Group Ltd. Affected Versions: PHP Event Calendar Lite edition Tested Versions: PHP Event Calendar Lite edition Vulnerability Type: Cross-site Scripting CWE-79 Risk Level: High Solution Status: Open Manufacturer...
PHP Event Calendar Lite Edition SQL Injection
Advisory ID: SYSS-2021-048 Product: PHP Event Calendar Manufacturer: Kayson Group Ltd. Affected Versions: PHP Event Calendar Lite edition Tested Versions: PHP Event Calendar Lite edition Vulnerability Type: SQL injection CWE-89 Risk Level: High Solution Status: Closed Manufacturer Notification:...
PHP Event Calendar 1.4 Calendar.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18965/info PHP Event Calendar is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an...
PHP Event Calendar 4.2 - SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18593/info PHP Event Calendar is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. A successful exploit cou...
PHP Event Calendar 1.4/1.5 Index.PHP Multiple Cross Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/20001/info PHP Event Calendar is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based...
PHP Event Calendar <= 1.5 - Multiple Vulnerabilities
No description provided by source. Title: PHP Event Calendar = v1.5 Multiple Vulnerabilities Author: cp77fk4r | Empty0pagESHIFT+2gmail.com | www.DigitalWhisper.co.il Software Link: http://www.softcomplex.com/download.html Version: = v1.5 Tested on: Apache2+PHP5 on Win32 Cross Site Scripting...