CVE-2006-3684

PHP remote file inclusion vulnerability in calendar.php in SoftComplex PHP Event Calendar 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the pathtocalendar parameter, which overwrites the $pathtocalendar variable from an extract function call...

CVE-2006-3684

PHP remote file inclusion vulnerability in calendar.php in SoftComplex PHP Event Calendar 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the pathtocalendar parameter, which overwrites the $pathtocalendar variable from an extract function call...

CVE-2006-3684

The CVE-2006-3684 issue affects SoftComplex PHP Event Calendar 1.4, where a PHP remote file inclusion vulnerability exists in calendar.php. An attacker can provide a URL in the path_to_calendar parameter, which is processed by an extract() call and overwrites the $path_to_calendar variable, enabl...

[eVuln] PHP Event Calendar XSS & User's Data Corruption Vulnerabilities

New eVuln Advisory: PHP Event Calendar XSS & User's Data Corruption Vulnerabilities http://evuln.com/vulns/63/summary.html --------------------Summary---------------- eVuln ID: EV0063 CVE: CVE-2006-0657 Vendor: Softcomplex Vendor's Web Site: http://www.softcomplex.com/ Software: PHP Event Calenda...

EV0063.txt

New eVuln Advisory: PHP Event Calendar XSS & User's Data Corruption Vulnerabilities http://evuln.com/vulns/63/summary.html --------------------Summary---------------- eVuln ID: EV0063 CVE: CVE-2006-0657 Vendor: Softcomplex Vendor's Web Site: http://www.softcomplex.com/ Software: PHP Event Calenda...

Cross site scripting

Cross-site scripting XSS vulnerability in Softcomplex PHP Event Calendar 1.5 allows remote authenticated users to inject arbitrary web script or HTML, and corrupt data, via the 1 username and 2 password parameters, which are not sanitized before being written to users.php. NOTE: while this issue...

CVE-2006-0657

Cross-site scripting XSS vulnerability in Softcomplex PHP Event Calendar 1.5 allows remote authenticated users to inject arbitrary web script or HTML, and corrupt data, via the 1 username and 2 password parameters, which are not sanitized before being written to users.php. NOTE: while this issue...

CVE-2006-0657

Cross-site scripting XSS vulnerability in Softcomplex PHP Event Calendar 1.5 allows remote authenticated users to inject arbitrary web script or HTML, and corrupt data, via the 1 username and 2 password parameters, which are not sanitized before being written to users.php. NOTE: while this issue...

CVE-2006-0657

CVE-2006-0657 affects Softcomplex’s PHP Event Calendar 1.5. The issue is a vulnerability in the usernames/passwords handling, where inputs are written to users.php without sanitization, enabling potential cross‑site scripting (XSS) or direct static code injection that could corrupt data. Descript...