Ajax Full Featured Calendar version 2.0 suffers from a remote SQL injection vulnerability.
7e4cb4721904b05551a81aedec87cece96197fd63c1c8340e14ad44d6f68d0e9
Secunia Security Advisory - Vulnerability Lab has reported two vulnerabilities in Event Calendar PHP, which can be exploited by malicious people to conduct cross-site scripting attacks.
e9af4da3f018b38df037e17c6767170c0fcee29251e0e4451c034a436e0b508c
Event Calendar PHP version 1.2 suffers from cross site scripting and remote SQL injection vulnerabilities.
3ad4f5c685a677a797142b6d779de69baf513ebfcb1464004b838916e0b78d0f
vBulletin version 4.2.0 suffers from a persistent cross site scripting vulnerability in the calendar section.
e7d9b6e67ae5c903fc89ea7cf816b833e7afba6a2dabbdf3f503d0c45e30bc9a
Joomla JCal Pro Calendar component suffers from a remote SQL injection vulnerability.
718c6f3306759a6f708f4f38acbd0ece1f508a8533bc21c9d8a43bdcf0984b38
WebCalendar versions 1.2.4 and below suffer from a remote code execution vulnerability.
505518c769aa0a8f543863fa3ee2b3bea199044e7d9263695e1c25fffbeb5719
This Metasploit modules exploits a vulnerability found in WebCalendar versions 1.2.4 and below. If not removed, the settings.php script meant for installation can be updated by an attacker with injected code. This allows arbitrary code execution as www-data.
29b4c547a774b448684e25b5a3790447dba6bd3752a031b9b5ce3b8d549c07cb
Secunia Security Advisory - Egidio Romano has discovered a vulnerability in WebCalendar, which can be exploited by malicious users to disclose sensitive information.
6dfde2541056fccf908e131ed24da1846b5b0614cfa5566b53e7dd5792bd09b5
WordPress All-In-One Event Calendar plugin version 1.4 suffers from multiple cross site scripting vulnerabilities.
3b8eb9270c97fc28a5f090d8f058e8ba0ded6b47444c01a84d736f3dc2552b3e
Secunia Security Advisory - A vulnerability has been reported in Event Calendar PHP, which can be exploited by malicious people to conduct cross-site scripting attacks.
52e564f5d06b57e3926a5e5a7344d354596af34761f379eb57e4a8347e48c78e
Event Calendar PHP 1.0 suffers from a cross site scripting vulnerability. Version 1.1 fixes this issue.
da5cb4722a4744a9001176ef2a9c67350d54eb420e64cc3e33a32ea6f03e3c76
Acal Calendar version 2.2.6 suffers from a cross site request forgery vulnerability.
0e0c0091c8525e8caa2926b1fbcb8f12edca74a0d04b1817a239fa0e118a2de6
Facebook View My Calendar suffers from a remote SQL injection vulnerability.
14635c6c195fc0efa5d1adbb437e8919ce07224837d045619a2672bc1776ce6a
Motigo Forums/Calendar/Guestbook suffers from a cross site scripting vulnerability.
e074f30cd50bf25af3c1cf5be79c3b508a7b7422b79fe218e263c28eafd599af
Secunia Security Advisory - Two vulnerabilities have been discovered in the My Calendar plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
df19e5b5a0c38f8b66b9fed866e78c320c22487803533e26a5678b3946bbfaf8
Webcalendar version 1.2.4 suffers from a cross site scripting vulnerability.
444d58277e10838b3f5daff614c92b32209795aadee5b0c488b80a898c820cad
PHP Booking Calendar version 10e suffers from a cross site scripting vulnerability.
482251c8f23fc16eb1e5939226f88efda2fbfdaa271fdaa4fb16a327e01775f1
PHP Calendars suffers from a remote SQL injection vulnerability in eventdisplay.php.
6dbc3c89fc5ecc6c8a971227682ff2f6c10804afee2c3c1be7410020919b7f94
Secunia Security Advisory - Multiple vulnerabilities have been discovered in Freelancer calendar, which can be exploited by malicious users to conduct SQL injection attacks.
6a94a330605d972a049089a0c533c21a6a942d5f98eb69e5633f2a1a962c9521
Freelancer Calendar versions 1.01 and below suffer from a remote SQL injection vulnerability.
be67ac306c1efcaf129123dc73d6f56e23d34a6ef1f363bde7389b90fb6b24ea
nSense Vulnerability Research Security Advisory - The calendar synchronization feature of iOS fails to validate the SSL certificate provided by the server. Therefore, CalDAV communication can be intercepted by a basic man in the middle attack. As every request contains a HTTP basic authentication header, which contains base64-encoded credentials, it is possible to intercept email account credentials by an attacker that is suitably positioned (e.g. the same LAN, WLAN) or is able to tamper with DNS records pointing to the CalDAV server. The application accepts the untrusted certificate without any warning or prompt, so the attack will go unnoticed by the user.
1287538d9d82e32529c0d747e336f8c5ebf4984b6eb88af17ffa07e9b262328d
Apple Security Advisory 2011-10-12-1 - An iOS 5 software update is now available. It addresses an SSL check in CalDAV, a script injection issue in Calendar, issues in CFNetwork, and 90+ other security issues.
a8ca21bf61323da2e049fe8c2ba65cc9cae5928af38fbf284248eee54695f428
iDefense Security Advisory 09.26.11 - Remote exploitation of a memory corruption vulnerability in Novell Inc.'s GroupWise could allow an attacker to execute arbitrary code with the privileges of the affected service. This vulnerability is present in the calendar processing code, which resides within the GroupWise Internet Agent (GWIA) process. The vulnerability occurs when parsing a malformed calendar recurrence (RRULE) that recurs weekly. Specifically, by using a negative integer for the BYWEEKNO property, it is possible to trigger a write operation beyond the bounds of an allocated heap buffer. This can lead to the corruption of memory, and the execution of arbitrary code.
c3a21b221a5ca43b424d4c87ecdc5132c8fd5e83be4966ed52bb847af74da8e6
iDefense Security Advisory 09.26.11 - Remote exploitation of a memory corruption vulnerability in Novell Inc.'s GroupWise could allow an attacker to execute arbitrary code with the privileges of the affected service. This vulnerability is present in the calendar processing code, which resides within the GroupWise Internet Agent (GWIA) process. The vulnerability occurs when parsing a malformed calendar recurrence (RRULE) that recurs yearly. When adding a sequence of dates, it is possible to trigger an invalid array indexing vulnerability, and write beyond the bounds of a heap buffer. This can lead to the execution of arbitrary code. Novell GroupWise 8.0x up to (and including) 8.02HP2 are vulnerable.
e0e79989e42a8350fda243c95b2a87e6ecde82bbd0ea9bc0fb9a7e5eab17ade1
iDefense Security Advisory 09.26.11 - Remote exploitation of a heap overflow vulnerability in Novell Inc.'s GroupWise could allow an attacker to execute arbitrary code with the privileges of the affected service. This vulnerability is present in the calendar processing code, which resides within the GroupWise Internet Agent (GWIA) process. The vulnerability occurs when parsing a malformed calendar recurrence (RRULE) that recurs on weekdays. A heap based buffer overflow can be triggered due to the lack of checks to ensure that there is enough space in the buffer to hold all of the RRULE entry data. Novell GroupWise 8.0x up to (and including) 8.02HP2 are vulnerable.
74cad0c15a570d196b3c7330c61160de1f4e97c9b98ebe52b30ebecc7523282c
VUPEN Vulnerability Research Team discovered a critical vulnerability in Novell GroupWise. The vulnerability is caused by a buffer overflow error in the "ICalProcessYearlyRule()" function within the "gwwww1.dll" component when processing a malformed "BYWEEKNO" property in a Calendar, which could be exploited by remote unauthenticated attackers to compromise a vulnerable server via a specially crafted email message. Versions 8.0.2 SP2 Hot Patch 2 and below are affected.
db76992fc18da1157668a6a0332cdb40c29764ed690037608ce8caa1dc451bd4