75 matches found
EUVD-2007-3499
Malware in sbrugna...
EUVD-2009-1404
Malware in sbrugna...
EUVD-2009-4935
Malware in sbrugna...
EUVD-2009-4891
Malware in sbrugna...
EUVD-2009-4936
Malware in sbrugna...
EUVD-2009-4890
Malware in sbrugna...
TotalCalendar 0 about.php inc_dir Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/17618/info TotalCalendar is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to...
TotalCalendar <= 2.402 (view_event.php) Remote SQL Injection Vulns
No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register import re class TestPOCPOCBase: vulID = '64776' ssvid version = '1.0' author = 'kikay' vulDate = '2007-07-03' createDate ...
TotalCalendar <= 2.30 (inc) Remote File Include Vulnerability
No description provided by source. Title: TotalCalendar <=2.30 - Remote File Include Vulnerability Vendor: SweetPHP URL: http://sweetphp.com Credits: Discovered by:...
TotalCalendar 2.4 - Remote Password Change Exploit
No description provided by source. Powered by: TotalCalendar 2.4 Remote Password Change. Cod3d By ThE g0bL!N...
totalcalendar 2.4 (bsql/lfi) Multiple Vulnerabilities
No description provided by source. TotalCalendar 2.4 bSQL/LFI Multiples Remote Vulnerability Discovered By : Moudi Contact : [email protected]...
TotalCalendar SQL Injection and Directory Traversal Vulnerabilities
TotalCalendar is prone to SQL injection and directory traversal vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2009-4974
Directory traversal vulnerability in box_display.php in TotalCalendar 2.4 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the box parameter...
CVE-2009-4973
SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary SQL commands via the selectedCal parameter in a SwitchCal action...
Directory traversal
Directory traversal vulnerability in box_display.php in TotalCalendar 2.4 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the box parameter...
CVE-2009-4973
TotalCalendar 2.4 is affected by a SQL injection in rss.php, exploitable via the selectedCal parameter in a SwitchCal action. The vulnerability allows remote attackers to execute arbitrary SQL commands. CVSS v2 base score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P). Referenced exploit appears at Exploit-DB ...
CVE-2009-4974
TotalCalendar 2.4 is affected by a directory traversal vulnerability in box_display.php that allows remote attackers to read arbitrary files via a .. sequence in the box parameter. The issue is confirmed in multiple feeds (CVE-2009-4974; OpenVAS entry cites TotalCalendar SQL Injection and Directo...
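TotalCalendar manage_users.php Unauthorized Password Change Vulnerability
BUGTRAQ ID: 34619 CVE ID: CVE-2009-4929 TotalCalendar is a web-based calendar management system. The admin/manage_users.php page of TotalCalendar does not enforce administrative authentication, so a remote user can change passwords arbitrarily by including the newPW1 and newPW2 parameters in an HTTP request. SweetPHP TotalCalendar 2.4 Vendor patch: SweetPHP -------- The vendor has not yet provided a patch or upgrade. Users of this software are advised to watch the vendor's home page for the latest version:...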