4 matches found
CVE-2009-2243
The CVE-2009-2243 vulnerability affects the ASP Inline Corporate Calendar, specifically the active_appointments.asp component. The root cause is an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL commands via the sortby parameter. This could lead to data exposure...
CVE-2009-2241
The CVE-2009-2241 issue is an XSS vulnerability in the ASP Inline Corporate Calendar’s search.asp, exploitable via the keyword parameter. The affected component is the search function within the ASP Inline Corporate Calendar application; the underlying cause is improper handling of user-supplied ...
CVE-2009-2242
The CVE-2009-2242 entry describes a SQL injection vulnerability in active_appointments.asp of the ASP Inline Corporate Calendar. The flaw allows remote attackers to inject arbitrary SQL commands via the order parameter, potentially compromising the underlying database. The vulnerability is docume...
CVE-2005-1481
The CVE-2005-1481 entry maps to multiple SQL injection flaws in Aaron Outpost’s ASP Inline Corporate Calendar. OpenVAS details describe both defer.asp and details.asp as vulnerable endpoints taking an Event_ID parameter, enabling remote attackers to inject SQL commands. The underlying issue is im...