15 matches found
EUVD-2008-2742
Malware in sbrugna...
Improper Access Control
oro/calendar-bundle is vulnerable to Improper Access Control. The vulnerability exists due to the lack of permission checks in the checkPermissions function of SystemCalendarEventController.php. This allows back-office users to access information from any system calendar event, bypassing ACL...
GHSA-X2XM-P6VQ-482G OroCalendarBundle has incorrect system calendar events visibility
OroPlatform is a package that assist system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks...
OroCalendarBundle has incorrect system calendar events visibility
OroPlatform is a package that assist system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks...
CVE-2023-32062 OroCalendarBundle has incorrect system calendar events visibility
OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1...
Sun Calendar Express Web Server - (DoS/XSS) Multiple Remote Vulns
No description provided by source. Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Multiple vulnerabilities in Sun Calendar Express Web Server 1. Advisory Information Title: Multiple vulnerabilities in Sun Calendar Express Web Server Advisory ID: CORE-2009-010...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via 1 the fmt-out parameter to login.wcap or 2 the date...
CVE-2009-1218
Multiple cross-site scripting XSS vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via 1 the fmt-out parameter to login.wcap or 2 the date...
Sun Java System Calendar Server 6 - 'command.shtml' Cross-Site Scripting
source: https://www.securityfocus.com/bid/34153/info Sun Java System Calendar Server is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspectin...
Sun Java System Calendar Server 6 - command.shtml Cross-Site Scripting
Sun Java System Calendar Server 6 - command.shtml Cross-Site Scripting source: https://www.securityfocus.com/bid/34153/info Sun Java System Calendar Server is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this...
Sun Calendar Express Web Server - Denial of Service Cross-Site Scripting
Sun Calendar Express Web Server - Denial of Service Cross-Site Scripting Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Multiple vulnerabilities in Sun Calendar Express Web Server 1. Advisory Information Title: Multiple vulnerabilities in Sun Calendar Express...
Sun Java System Calendar服务器拒绝服务漏洞
BUGTRAQ ID: 29763 CNCAN ID:CNCAN-2008061906 Sun Java System Calendar Server是一款基于Java的日程服务程序。 Sun Java System Calendar Server在访问日志开启时存在未明安全问题,远程攻击者可以利用漏洞对服务程序进行拒绝服务攻击。 目前没有详细漏洞细节提供。 Sun ONE Calendar Server 6.0 Sun Java System Calendar Server 6.3 Sun Java System Calendar Server 6 2005Q4 Sun Java...
Design/Logic Flaw
Unspecified vulnerability in cshttpd in Sun Java System Calendar Server 6 and 6.3, and Sun ONE Calendar Server 6.0, when access logging aka service.http.commandlog.all is enabled, allows remote attackers to cause a denial of service daemon crash via unspecified vectors...
CVE-2008-2749
CVE-2008-2749 affects Sun Java System Calendar Server 6 and 6.3, and Sun ONE Calendar Server 6.0, where the cshttpd component is vulnerable when access logging (service.http.commandlog.all) is enabled. The issue allows remote attackers to cause a denial of service (daemon crash) via unspecified v...
CVE-2008-2749
Unspecified vulnerability in cshttpd in Sun Java System Calendar Server 6 and 6.3, and Sun ONE Calendar Server 6.0, when access logging aka service.http.commandlog.all is enabled, allows remote attackers to cause a denial of service daemon crash via unspecified vectors...