what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Ajax Full Featured Calendar 2.0 SQL Injection
Posted May 26, 2018
Authored by Ozkan Mustafa Akkus

Ajax Full Featured Calendar version 2.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 7e4cb4721904b05551a81aedec87cece96197fd63c1c8340e14ad44d6f68d0e9

Related Files

Secunia Security Advisory 49939
Posted Jul 17, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Vulnerability Lab has reported two vulnerabilities in Event Calendar PHP, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, php, vulnerability, xss
SHA-256 | e9af4da3f018b38df037e17c6767170c0fcee29251e0e4451c034a436e0b508c
Event Calendar PHP 1.2 Cross Site Scripting / SQL Injection
Posted Jul 16, 2012
Authored by Hubert Wojciechowski, Vulnerability Laboratory | Site vulnerability-lab.com

Event Calendar PHP version 1.2 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, php, vulnerability, xss, sql injection
SHA-256 | 3ad4f5c685a677a797142b6d779de69baf513ebfcb1464004b838916e0b78d0f
vBulletin 4.2.0 Cross Site Scripting
Posted Jun 20, 2012
Authored by Sangteamtham

vBulletin version 4.2.0 suffers from a persistent cross site scripting vulnerability in the calendar section.

tags | exploit, xss
SHA-256 | e7d9b6e67ae5c903fc89ea7cf816b833e7afba6a2dabbdf3f503d0c45e30bc9a
Joomla JCal Pro Calendar SQL Injection
Posted Jun 15, 2012
Authored by Taurus Omar

Joomla JCal Pro Calendar component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 718c6f3306759a6f708f4f38acbd0ece1f508a8533bc21c9d8a43bdcf0984b38
WebCalendar 1.2.4 Remote Code Execution
Posted Apr 30, 2012
Authored by EgiX

WebCalendar versions 1.2.4 and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2012-1495, CVE-2012-1496
SHA-256 | 505518c769aa0a8f543863fa3ee2b3bea199044e7d9263695e1c25fffbeb5719
WebCalendar 1.2.4 Pre-Auth Remote Code Injection
Posted Apr 30, 2012
Authored by EgiX, sinn3r | Site metasploit.com

This Metasploit modules exploits a vulnerability found in WebCalendar versions 1.2.4 and below. If not removed, the settings.php script meant for installation can be updated by an attacker with injected code. This allows arbitrary code execution as www-data.

tags | exploit, arbitrary, php, code execution
advisories | CVE-2012-1495
SHA-256 | 29b4c547a774b448684e25b5a3790447dba6bd3752a031b9b5ce3b8d549c07cb
Secunia Security Advisory 48906
Posted Apr 24, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Egidio Romano has discovered a vulnerability in WebCalendar, which can be exploited by malicious users to disclose sensitive information.

tags | advisory
SHA-256 | 6dfde2541056fccf908e131ed24da1846b5b0614cfa5566b53e7dd5792bd09b5
WordPress All-In-One Event Calendar 1.4 Cross Site Scripting
Posted Apr 12, 2012
Authored by High-Tech Bridge SA | Site htbridge.com

WordPress All-In-One Event Calendar plugin version 1.4 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2012-1835
SHA-256 | 3b8eb9270c97fc28a5f090d8f058e8ba0ded6b47444c01a84d736f3dc2552b3e
Secunia Security Advisory 48539
Posted Mar 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Event Calendar PHP, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, php, xss
SHA-256 | 52e564f5d06b57e3926a5e5a7344d354596af34761f379eb57e4a8347e48c78e
Event Calendar PHP 1.0 Cross Site Scripting
Posted Mar 24, 2012
Authored by 3spi0n

Event Calendar PHP 1.0 suffers from a cross site scripting vulnerability. Version 1.1 fixes this issue.

tags | exploit, php, xss
SHA-256 | da5cb4722a4744a9001176ef2a9c67350d54eb420e64cc3e33a32ea6f03e3c76
Acal Calendar 2.2.6 Cross Site Request Forgery
Posted Mar 12, 2012
Authored by Number 7

Acal Calendar version 2.2.6 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 0e0c0091c8525e8caa2926b1fbcb8f12edca74a0d04b1817a239fa0e118a2de6
Facebook View My Calendar SQL Injection
Posted Feb 14, 2012
Authored by Mahamed Saad

Facebook View My Calendar suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 14635c6c195fc0efa5d1adbb437e8919ce07224837d045619a2672bc1776ce6a
Motigo Forums/Calendar/Guestbook Cross Site Scripting
Posted Jan 28, 2012
Authored by Sony

Motigo Forums/Calendar/Guestbook suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | e074f30cd50bf25af3c1cf5be79c3b508a7b7422b79fe218e263c28eafd599af
Secunia Security Advisory 47579
Posted Jan 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been discovered in the My Calendar plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | df19e5b5a0c38f8b66b9fed866e78c320c22487803533e26a5678b3946bbfaf8
Webcalendar 1.2.4 Cross Site Scripting
Posted Jan 21, 2012
Authored by G13

Webcalendar version 1.2.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 444d58277e10838b3f5daff614c92b32209795aadee5b0c488b80a898c820cad
PHP Booking Calendar 10e Cross Site Scripting
Posted Dec 19, 2011
Authored by G13

PHP Booking Calendar version 10e suffers from a cross site scripting vulnerability.

tags | exploit, php, xss
SHA-256 | 482251c8f23fc16eb1e5939226f88efda2fbfdaa271fdaa4fb16a327e01775f1
PHP Calendars SQL Injection
Posted Dec 6, 2011
Authored by Mr.MLL

PHP Calendars suffers from a remote SQL injection vulnerability in eventdisplay.php.

tags | exploit, remote, php, sql injection
SHA-256 | 6dbc3c89fc5ecc6c8a971227682ff2f6c10804afee2c3c1be7410020919b7f94
Secunia Security Advisory 46970
Posted Nov 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been discovered in Freelancer calendar, which can be exploited by malicious users to conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
SHA-256 | 6a94a330605d972a049089a0c533c21a6a942d5f98eb69e5633f2a1a962c9521
Freelancer Calendar 1.01 SQL Injection
Posted Nov 19, 2011
Authored by muuratsalo

Freelancer Calendar versions 1.01 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | be67ac306c1efcaf129123dc73d6f56e23d34a6ef1f363bde7389b90fb6b24ea
CalDAV SSL Certificate Validation
Posted Oct 13, 2011
Authored by Knud | Site nsense.fi

nSense Vulnerability Research Security Advisory - The calendar synchronization feature of iOS fails to validate the SSL certificate provided by the server. Therefore, CalDAV communication can be intercepted by a basic man in the middle attack. As every request contains a HTTP basic authentication header, which contains base64-encoded credentials, it is possible to intercept email account credentials by an attacker that is suitably positioned (e.g. the same LAN, WLAN) or is able to tamper with DNS records pointing to the CalDAV server. The application accepts the untrusted certificate without any warning or prompt, so the attack will go unnoticed by the user.

tags | advisory, web
systems | cisco
advisories | CVE-2011-3253
SHA-256 | 1287538d9d82e32529c0d747e336f8c5ebf4984b6eb88af17ffa07e9b262328d
Apple Security Advisory 2011-10-12-1
Posted Oct 13, 2011
Authored by Apple | Site apple.com

Apple Security Advisory 2011-10-12-1 - An iOS 5 software update is now available. It addresses an SSL check in CalDAV, a script injection issue in Calendar, issues in CFNetwork, and 90+ other security issues.

tags | advisory
systems | cisco, apple
advisories | CVE-2011-0166, CVE-2011-0184, CVE-2011-0187, CVE-2011-0192, CVE-2011-0206, CVE-2011-0208, CVE-2011-0216, CVE-2011-0218, CVE-2011-0221, CVE-2011-0222, CVE-2011-0225, CVE-2011-0232, CVE-2011-0233, CVE-2011-0234, CVE-2011-0235, CVE-2011-0238, CVE-2011-0241, CVE-2011-0242, CVE-2011-0254, CVE-2011-0255, CVE-2011-0259, CVE-2011-0981, CVE-2011-0983, CVE-2011-1107, CVE-2011-1109, CVE-2011-1114, CVE-2011-1115, CVE-2011-1117
SHA-256 | a8ca21bf61323da2e049fe8c2ba65cc9cae5928af38fbf284248eee54695f428
iDefense Security Advisory 09.26.11 - Novell Groupwise Memory Corruption
Posted Sep 28, 2011
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 09.26.11 - Remote exploitation of a memory corruption vulnerability in Novell Inc.'s GroupWise could allow an attacker to execute arbitrary code with the privileges of the affected service. This vulnerability is present in the calendar processing code, which resides within the GroupWise Internet Agent (GWIA) process. The vulnerability occurs when parsing a malformed calendar recurrence (RRULE) that recurs weekly. Specifically, by using a negative integer for the BYWEEKNO property, it is possible to trigger a write operation beyond the bounds of an allocated heap buffer. This can lead to the corruption of memory, and the execution of arbitrary code.

tags | advisory, remote, arbitrary
advisories | CVE-2011-2662
SHA-256 | c3a21b221a5ca43b424d4c87ecdc5132c8fd5e83be4966ed52bb847af74da8e6
iDefense Security Advisory 09.26.11 - Novell Groupwise Memory Corruption
Posted Sep 28, 2011
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 09.26.11 - Remote exploitation of a memory corruption vulnerability in Novell Inc.'s GroupWise could allow an attacker to execute arbitrary code with the privileges of the affected service. This vulnerability is present in the calendar processing code, which resides within the GroupWise Internet Agent (GWIA) process. The vulnerability occurs when parsing a malformed calendar recurrence (RRULE) that recurs yearly. When adding a sequence of dates, it is possible to trigger an invalid array indexing vulnerability, and write beyond the bounds of a heap buffer. This can lead to the execution of arbitrary code. Novell GroupWise 8.0x up to (and including) 8.02HP2 are vulnerable.

tags | advisory, remote, arbitrary
advisories | CVE-2011-2663
SHA-256 | e0e79989e42a8350fda243c95b2a87e6ecde82bbd0ea9bc0fb9a7e5eab17ade1
iDefense Security Advisory 09.26.11 - Novell Groupwise Heap Overflow
Posted Sep 28, 2011
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 09.26.11 - Remote exploitation of a heap overflow vulnerability in Novell Inc.'s GroupWise could allow an attacker to execute arbitrary code with the privileges of the affected service. This vulnerability is present in the calendar processing code, which resides within the GroupWise Internet Agent (GWIA) process. The vulnerability occurs when parsing a malformed calendar recurrence (RRULE) that recurs on weekdays. A heap based buffer overflow can be triggered due to the lack of checks to ensure that there is enough space in the buffer to hold all of the RRULE entry data. Novell GroupWise 8.0x up to (and including) 8.02HP2 are vulnerable.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2010-4325
SHA-256 | 74cad0c15a570d196b3c7330c61160de1f4e97c9b98ebe52b30ebecc7523282c
Novell GroupWise Calendar BYWEEKNO Memory Corruption
Posted Sep 28, 2011
Authored by Alexandre Pelletier, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Novell GroupWise. The vulnerability is caused by a buffer overflow error in the "ICalProcessYearlyRule()" function within the "gwwww1.dll" component when processing a malformed "BYWEEKNO" property in a Calendar, which could be exploited by remote unauthenticated attackers to compromise a vulnerable server via a specially crafted email message. Versions 8.0.2 SP2 Hot Patch 2 and below are affected.

tags | advisory, remote, overflow
SHA-256 | db76992fc18da1157668a6a0332cdb40c29764ed690037608ce8caa1dc451bd4
Page 1 of 4
Back1234Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close