CVE Tools

webcalendar

Web & CMS Pluginscommercial

11

Cumulative CVEs

4

Monthly snapshots

#29

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting webcalendar.

CVE-2008-1954SQL injection vulnerability in one_day.php in Web Calendar Pro 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter.7.5Apr 25, 2008
CVE-2007-6696Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) an event description, (2) the query string to pref.php...2.1Feb 1, 2008
CVE-2007-1343includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via ...7.5Mar 8, 2007
CVE-2006-6669Cross-site scripting (XSS) vulnerability in export_handler.php in WebCalendar 1.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter.6.8Dec 20, 2006
CVE-2006-2762PHP remote file inclusion vulnerability in includes/config.php in WebCalendar 1.0.3 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter, which is remotely ac...6.4Jun 2, 2006
CVE-2006-2247WebCalendar 1.0.1 to 1.0.3 generates different error messages depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames.5.0May 9, 2006
CVE-2006-1537Craig Knudsen WebCalendar 1.1.0-CVS allows remote attackers to obtain sensitive information via a direct request to (1) includes/index.php, (2) tests/add_duration_test.php, (3) tests/all_tests.php,...5.0Mar 30, 2006
CVE-2005-3984SQL injection vulnerability in WebCalendar 1.0.1 allows remote attackers to execute arbitrary SQL commands via the time_range parameter to edit_report_handler.php. NOTE: the startid/activity_log.p...7.5Dec 4, 2005
CVE-2005-3982CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 might allow remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via the ret parameter, which i...5.0Dec 4, 2005
CVE-2005-3961export_handler.php in WebCalendar 1.0.1 allows remote attackers to overwrite WebCalendar data files via a modified id parameter.5.0Dec 1, 2005
CVE-2005-3949Multiple SQL injection vulnerabilities in WebCalendar 1.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) startid parameter to activity_log.php, (2) startid parameter to admi...7.5Dec 1, 2005
CVE-2005-2717PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 allows remote attackers to execute arbitrary PHP code when opening settings.php, possibly via send_reminders.php or other scripts.7.5Aug 29, 2005
CVE-2005-2320WebCalendar before 1.0.0 does not properly restrict access to assistant_edit.php, which allows remote attackers to gain privileges.7.5Jul 19, 2005
CVE-2002-2065WebCalendar 0.9.34 and earlier with 'browsing in includes directory' enabled allows remote attackers to read arbitrary include files with .inc extensions from the web root.5.0Jul 14, 2005
CVE-2004-1508init.php in WebCalendar allows remote attackers to execute arbitrary local PHP scripts via the user_inc parameter.7.5Feb 19, 2005