Calendar Security Vulnerabilities
login.php in ACal Calendar Project 2.2.5 allows remote attackers to bypass authentication by setting the ACalAuthenticate cookie variable to...
6.8AI Score
0.026EPSS
Direct static code injection vulnerability in edit.php in ACal Calendar Project 2.2.5 allows authenticated users to execute arbitrary PHP code via (1) the edit=header value, which modifies header.php, or (2) the edit=footer value, which modifies footer.php. NOTE: this issue might be resultant...
7.5AI Score
0.026EPSS
Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid and (2) catid parameters to (a) day.php, (b) week.php, (c) month.php, and (d)...
8.5AI Score
0.002EPSS
SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 allows remote attackers to execute arbitrary SQL commands via the (1) cal_id parameter, and possibly the (2) Y and (3) m...
8.9AI Score
0.003EPSS
SQL injection vulnerability in index.php in 88Script's Event Calendar 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the m...
8.8AI Score
0.006EPSS
Multiple SQL injection vulnerabilities in Aaron Outpost ASP Inline Corporate Calendar allow remote attackers to execute arbitrary SQL commands via the Event_ID parameter to (1) defer.asp or (2)...
8.5AI Score
0.006EPSS
SQL injection vulnerability in search.php for PHP-Calendar before 0.10.3 allows remote attackers to execute arbitrary SQL commands via unknown...
8.4AI Score
0.008EPSS
Multiple SQL injection vulnerabilities in Ocean12 Calendar manager 1.01 allow remote attackers to execute arbitrary SQL commands via the Admin_id...
8.9AI Score
0.002EPSS
Directory traversal vulnerability in Mike Spice My Calendar before 1.5 allows remote attackers to write arbitrary files via .. (dot dot) sequences in a...
7.2AI Score
0.005EPSS
SQL injection vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the (1) eid or (2) cid...
8.8AI Score
0.005EPSS
The Event Calendar module 2.13 for PHP-Nuke allows remote attackers to gain sensitive information via an HTTP request to (1) config.php, (2) index.php, or (3) submit.php, which reveal the full path in an error...
7AI Score
0.007EPSS
Cross-site scripting (XSS) vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary web script via the (1) type, (2) day, (3) month, or (4) year parameters in a Preview operation, or (5) event...
6.5AI Score
0.009EPSS
Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpc_root_path parameter to (1)...
7.6AI Score
0.184EPSS
The control panel in ASP Calendar does not require authentication to access, which allows remote attackers to gain unauthorized access via a direct request to...
7.1AI Score
0.025EPSS
Sun Java System Portal Server 6.2 (formerly Sun ONE) allows remote authenticated users to obtain Calendar Server privileges and modify Calendar data by changing the display options to a non-default...
6.6AI Score
0.008EPSS
iPlanet Calendar Server 5.0p2 and earlier allows a local attacker to gain access to the Netscape Admin Server (NAS) LDAP database and read arbitrary files by obtaining the cleartext administrator username and password from the configuration file, which has insecure...
7.2AI Score
0.0004EPSS
The calender.pl and the calendar_admin.pl calendar scripts by Matt Kruse allow remote attackers to execute arbitrary commands via shell...
7.7AI Score
0.022EPSS