Webcalendar >> Webcalendar: Security Vulnerabilities
PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 allows remote attackers to execute arbitrary PHP code when opening settings.php, possibly via send_reminders.php or other scripts.
CVSS Score: 7.5 | EPSS Score: 0.015 | Published: 2005-08-29
WebCalendar before 1.0.0 does not properly restrict access to assistant_edit.php, which allows remote attackers to gain privileges.
CVSS Score: 7.5 | EPSS Score: 0.007 | Published: 2005-07-19
SQL injection vulnerability in the user_valid_crypt function in user.php in WebCalendar 0.9.45 allows remote attackers to execute arbitrary SQL commands via an encoded webcalendar_session cookie.
CVSS Score: 6.4 | EPSS Score: 0.006 | Published: 2005-03-30
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar allow remote attackers to inject arbitrary web script via (1) view_entry.php, (2) view_d.php, (3) usersel.php, (4) datesel.php, (5) trailer.php, or (6) styles.php, as demonstrated using img src tags.
CVSS Score: 4.3 | EPSS Score: 0.004 | Published: 2004-12-31
CRLF injection vulnerability in login.php in WebCalendar allows remote attackers to inject CRLF sequences via the return_path parameter and perform HTTP Response Splitting attacks to modify expected HTML content from the server.
CVSS Score: 5.0 | EPSS Score: 0.004 | Published: 2004-12-31
init.php in WebCalendar allows remote attackers to execute arbitrary local PHP scripts via the user_inc parameter.
CVSS Score: 7.5 | EPSS Score: 0.009 | Published: 2004-12-31
validate.php in WebCalendar allows remote attackers to gain sensitive information via an invalid encoded_login parameter, which reveals the full path in an error message.
CVSS Score: 5.0 | EPSS Score: 0.004 | Published: 2004-12-31
WebCalendar allows remote attackers to gain privileges by modifying critical parameters to (1) view_entry.php or (2) upcoming.php.
CVSS Score: 7.5 | EPSS Score: 0.015 | Published: 2004-12-31
WebCalendar 0.9.34 and earlier with 'browsing in includes directory' enabled allows remote attackers to read arbitrary include files with .inc extensions from the web root.
CVSS Score: 5.0 | EPSS Score: 0.003 | Published: 2002-12-31
Vulnerability in WebCalendar 0.9.26 allows remote command execution.
CVSS Score: 7.5 | EPSS Score: 0.019 | Published: 2001-06-27

