VYPR

TotalCalendar

by TotalCalendar

CVEs (2)

  • CVE-2009-4929Jul 12, 2010
    risk 0.03cvss epss 0.02

    admin/manage_users.php in TotalCalendar 2.4 does not require administrative authentication, which allows remote attackers to change arbitrary passwords via the newPW1 and newPW2 parameters.

  • CVE-2009-4928Jul 12, 2010
    risk 0.00cvss epss 0.01

    PHP remote file inclusion vulnerability in config.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922 and CVE-2006-7055.