Lucene search
K

15 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2008-2742

Malware in sbrugna...

7.1CVSS6.4AI score0.0245EPSS
Exploits0References7
Veracode
Veracode
added 2023/11/29 6:20 a.m.16 views

Improper Access Control

oro/calendar-bundle is vulnerable to Improper Access Control. The vulnerability exists due to the lack of permission checks in the checkPermissions function of SystemCalendarEventController.php. This allows back-office users to access information from any system calendar event, bypassing ACL...

5CVSS6.8AI score0.00538EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/11/27 11:29 p.m.17 views

GHSA-X2XM-P6VQ-482G OroCalendarBundle has incorrect system calendar events visibility

OroPlatform is a package that assist system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks...

5CVSS4.6AI score0.00538EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2023/11/27 11:29 p.m.15 views

OroCalendarBundle has incorrect system calendar events visibility

OroPlatform is a package that assist system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks...

5CVSS6.9AI score0.00538EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2023/11/27 8:58 p.m.40 views

CVE-2023-32062 OroCalendarBundle has incorrect system calendar events visibility

OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1...

5CVSS5.3AI score0.00538EPSS
Exploits0References3
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.48 views

Sun Calendar Express Web Server - (DoS/XSS) Multiple Remote Vulns

No description provided by source. Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Multiple vulnerabilities in Sun Calendar Express Web Server 1. Advisory Information Title: Multiple vulnerabilities in Sun Calendar Express Web Server Advisory ID: CORE-2009-010...

7.1AI score
Exploits0
Prion
Prion
added 2009/04/01 6:30 p.m.18 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via 1 the fmt-out parameter to login.wcap or 2 the date...

4.3CVSS6AI score0.04362EPSS
Exploits2References7Affected Software2
NVD
NVD
added 2009/04/01 6:30 p.m.26 views

CVE-2009-1218

Multiple cross-site scripting XSS vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via 1 the fmt-out parameter to login.wcap or 2 the date...

4.3CVSS5.7AI score0.04362EPSS
Exploits2References7
Exploit DB
Exploit DB
added 2009/03/31 12:0 a.m.25 views

Sun Java System Calendar Server 6 - 'command.shtml' Cross-Site Scripting

source: https://www.securityfocus.com/bid/34153/info Sun Java System Calendar Server is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspectin...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2009/03/31 12:0 a.m.11 views

Sun Java System Calendar Server 6 - command.shtml Cross-Site Scripting

Sun Java System Calendar Server 6 - command.shtml Cross-Site Scripting source: https://www.securityfocus.com/bid/34153/info Sun Java System Calendar Server is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this...

0.6AI score
Exploits0
exploitpack
exploitpack
added 2009/03/31 12:0 a.m.34 views

Sun Calendar Express Web Server - Denial of Service Cross-Site Scripting

Sun Calendar Express Web Server - Denial of Service Cross-Site Scripting Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Multiple vulnerabilities in Sun Calendar Express Web Server 1. Advisory Information Title: Multiple vulnerabilities in Sun Calendar Express...

0.2AI score
Exploits0
seebug.org
seebug.org
added 2008/06/22 12:0 a.m.40 views

Sun Java System Calendar服务器拒绝服务漏洞

BUGTRAQ ID: 29763 CNCAN ID:CNCAN-2008061906 Sun Java System Calendar Server是一款基于Java的日程服务程序。 Sun Java System Calendar Server在访问日志开启时存在未明安全问题,远程攻击者可以利用漏洞对服务程序进行拒绝服务攻击。 目前没有详细漏洞细节提供。 Sun ONE Calendar Server 6.0 Sun Java System Calendar Server 6.3 Sun Java System Calendar Server 6 2005Q4 Sun Java...

6.9AI score
Exploits0
Prion
Prion
added 2008/06/18 7:41 p.m.16 views

Design/Logic Flaw

Unspecified vulnerability in cshttpd in Sun Java System Calendar Server 6 and 6.3, and Sun ONE Calendar Server 6.0, when access logging aka service.http.commandlog.all is enabled, allows remote attackers to cause a denial of service daemon crash via unspecified vectors...

7.1CVSS7.2AI score0.0245EPSS
Exploits0References6Affected Software2
CVE
CVE
added 2008/06/18 7:29 p.m.45 views

CVE-2008-2749

CVE-2008-2749 affects Sun Java System Calendar Server 6 and 6.3, and Sun ONE Calendar Server 6.0, where the cshttpd component is vulnerable when access logging (service.http.commandlog.all) is enabled. The issue allows remote attackers to cause a denial of service (daemon crash) via unspecified v...

7.1CVSS6.7AI score0.0245EPSS
Exploits0References6Affected Software2
Cvelist
Cvelist
added 2008/06/18 7:29 p.m.29 views

CVE-2008-2749

Unspecified vulnerability in cshttpd in Sun Java System Calendar Server 6 and 6.3, and Sun ONE Calendar Server 6.0, when access logging aka service.http.commandlog.all is enabled, allows remote attackers to cause a denial of service daemon crash via unspecified vectors...

6.7AI score0.0245EPSS
Exploits0References6
Rows per page
Query Builder