42 matches found
CVE-2010-0638
Cross-site request forgery CSRF vulnerability in WebCalendar 1.2.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely...
EUVD-2011-3771
Malware in sbrugna...
EUVD-2010-0669
Malware in sbrugna...
EUVD-2001-0473
Malware in sbrugna...
EUVD-2006-2248
Malware in sbrugna...
EUVD-2012-5303
Malware in sbrugna...
EUVD-2007-1340
Malware in sbrugna...
EUVD-2010-0379
Malware in sbrugna...
EUVD-2013-1460
Malware in sbrugna...
EUVD-2004-1502
Malware in sbrugna...
EUVD-2005-3956
Malware in sbrugna...
EUVD-2013-1459
Malware in sbrugna...
EUVD-2024-20169
Malicious code in bioql PyPI...
CVE-2024-22635
WebCalendar v1.3.0 was discovered to contain a reflected cross-site scripting XSS vulnerability via the component /WebCalendarvqsmnseug2/editentry.php...
CVE-2011-3695
111WebCalendar 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by footer.php and certain other files...
CVE-2002-2065
WebCalendar 0.9.34 and earlier with 'browsing in includes directory' enabled allows remote attackers to read arbitrary include files with .inc extensions from the web root...
CVE-2024-1097
A stored cross-site scripting XSS vulnerability exists in craigk5n/webcalendar version 1.3.0. The vulnerability occurs in the 'Report Name' input field while creating a new report. An attacker can inject malicious scripts, which are then executed in the context of other users who view the report,...
Cross-Site Request Forgery (CSRF) in craigk5n/webcalendar
Description Cross-Site Request Forgery CSRF is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. With a little help of social engineering such as sending a link via email or chat, an attacker may trick the users of a web...
Code injection
install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the formsingleuserlogin parameter...
CVE-2012-1495
install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the formsingleuserlogin parameter...