CVE-2010-0638

Cross-site request forgery CSRF vulnerability in WebCalendar 1.2.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely...

EUVD-2010-0669

Malware in sbrugna...

EUVD-2010-0379

Malware in sbrugna...

EUVD-2012-5303

Malware in sbrugna...

EUVD-2001-0473

Malware in sbrugna...

EUVD-2004-1502

Malware in sbrugna...

EUVD-2005-3956

Malware in sbrugna...

EUVD-2011-3771

Malware in sbrugna...

EUVD-2013-1460

Malware in sbrugna...

EUVD-2013-1459

Malware in sbrugna...

CVE-2024-22635

WebCalendar v1.3.0 was discovered to contain a reflected cross-site scripting XSS vulnerability via the component /WebCalendarvqsmnseug2/editentry.php...

CVE-2011-3695

111WebCalendar 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by footer.php and certain other files...

CVE-2002-2065

WebCalendar 0.9.34 and earlier with 'browsing in includes directory' enabled allows remote attackers to read arbitrary include files with .inc extensions from the web root...

CVE-2024-1097

A stored cross-site scripting XSS vulnerability exists in craigk5n/webcalendar version 1.3.0. The vulnerability occurs in the 'Report Name' input field while creating a new report. An attacker can inject malicious scripts, which are then executed in the context of other users who view the report,...

Code injection

install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the formsingleuserlogin parameter...

CVE-2012-1495

install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the formsingleuserlogin parameter...

Directory traversal

Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors...

WebCalendar 1.0.1 Layers_Toggle.PHP HTTP Response Splitting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15673/info WebCalendar is prone to an HTTP response-splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. A remote attacker may exploit this vulnerability to...

WebCalendar 0.9.45 (includedir) Remote File Inclusion Vulnerability

Exploit for unknown platform in category web applications =================================================================== WebCalendar 0.9.45 includedir Remote File Inclusion Vulnerability ===================================================================...

1WebCalendar 4.0 - viewEvent.cfm?EventID SQL Injection

1WebCalendar 4.0 - viewEvent.cfm?EventID SQL Injection source: https://www.securityfocus.com/bid/17193/info 1WebCalendar is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries...