Vincent Hor
Products
3- 7 CVEs
- 4 CVEs
- 1 CVE
Recent CVEs
11| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2007-3182 | 0.04 | — | 0.11 | Jun 26, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in Calendarix 0.7.20070307, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) year and (2) month parameters to calendar.php, and the (3) leftfooter parameter to cal_footer.inc.php. NOTE: the ycyear parameter to yearcal.php is already covered by CVE-2006-1835. | ||
| CVE-2007-3183 | 0.03 | — | 0.02 | Jun 26, 2007 | Multiple SQL injection vulnerabilities in Calendarix 0.7.20070307, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters to calendar.php and the (3) search string to cal_search.php. | ||
| CVE-2006-1835 | 0.03 | — | 0.01 | Apr 19, 2006 | Cross-site scripting (XSS) vulnerability in yearcal.php in Calendarix allows remote attackers to inject arbitrary web script or HTML via the ycyear parameter. | ||
| CVE-2007-3258 | 0.00 | — | 0.00 | Jun 27, 2007 | calendar.php in Calendarix 0.7.20070307 allows remote attackers to obtain sensitive information via large values to the (1) year and (2) month parameters, which causes negative values to be passed to the mktime library call, and reveals the installation path in the error message. | ||
| CVE-2007-3259 | 0.00 | — | 0.01 | Jun 26, 2007 | Calendarix 0.7.20070307 allows remote attackers to obtain sensitive information via (1) an invalid month[] parameter to calendar.php, (2) an invalid catview[] parameter to cal_week.php in a week operation, (3) an invalid ycyear[] parameter to yearcal.php, or (4) a direct request to cal_functions.inc.php, which reveals the installation path in various error messages. | ||
| CVE-2006-4135 | 0.00 | — | 0.02 | Aug 14, 2006 | PHP remote file inclusion vulnerability in cal_config.inc.php in Calendarix 0.7.20060401 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the calpath parameter. NOTE: this issue has been disputed by a third party, who says that the affected $calpath variable is set to a constant value in the beginning of the script. CVE concurs that the initial report is invalid | ||
| CVE-2006-3094 | 0.00 | — | 0.01 | Jun 19, 2006 | Multiple SQL injection vulnerabilities in Calendarix Basic 0.7.20060401 and earlier, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) cal_event.php and (2) cal_popup.php. | ||
| CVE-2006-0492 | 0.00 | — | 0.02 | Feb 1, 2006 | Multiple SQL injection vulnerabilities in Calendarix allow remote attackers to execute arbitrary SQL commands via (1) the catview parameter in cal_functions.inc.php and (2) the login parameter in cal_login.php. NOTE: the catview vector might overlap CVE-2005-1865. | ||
| CVE-2005-1865 | 0.00 | — | 0.02 | Jun 9, 2005 | Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 allow remote attackers to execute arbitrary SQL commands via the catview parameter to (1) cal_week.php, (2) cal_cat.php, or (3) cal_day.php, or (4) id parameter to cal_pophols.php. | ||
| CVE-2005-1864 | 0.00 | — | 0.00 | Jun 9, 2005 | PHP remote file inclusion vulnerability in cal_admintop.php in Calendarix Advanced 1.5 allows remote attackers to execute arbitrary PHP code via the calpath parameter. | ||
| CVE-2005-1866 | 0.00 | — | 0.00 | May 31, 2005 | Cross-site scripting (XSS) vulnerability in calendar.php in Calendarix Advanced 1.5 allows remote attackers to inject arbitrary web script or HTML via the year parameter. |
- CVE-2007-3182Jun 26, 2007risk 0.04cvss —epss 0.11
Multiple cross-site scripting (XSS) vulnerabilities in Calendarix 0.7.20070307, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) year and (2) month parameters to calendar.php, and the (3) leftfooter parameter to cal_footer.inc.php. NOTE: the ycyear parameter to yearcal.php is already covered by CVE-2006-1835.
- CVE-2007-3183Jun 26, 2007risk 0.03cvss —epss 0.02
Multiple SQL injection vulnerabilities in Calendarix 0.7.20070307, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters to calendar.php and the (3) search string to cal_search.php.
- CVE-2006-1835Apr 19, 2006risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in yearcal.php in Calendarix allows remote attackers to inject arbitrary web script or HTML via the ycyear parameter.
- CVE-2007-3258Jun 27, 2007risk 0.00cvss —epss 0.00
calendar.php in Calendarix 0.7.20070307 allows remote attackers to obtain sensitive information via large values to the (1) year and (2) month parameters, which causes negative values to be passed to the mktime library call, and reveals the installation path in the error message.
- CVE-2007-3259Jun 26, 2007risk 0.00cvss —epss 0.01
Calendarix 0.7.20070307 allows remote attackers to obtain sensitive information via (1) an invalid month[] parameter to calendar.php, (2) an invalid catview[] parameter to cal_week.php in a week operation, (3) an invalid ycyear[] parameter to yearcal.php, or (4) a direct request to cal_functions.inc.php, which reveals the installation path in various error messages.
- CVE-2006-4135Aug 14, 2006risk 0.00cvss —epss 0.02
PHP remote file inclusion vulnerability in cal_config.inc.php in Calendarix 0.7.20060401 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the calpath parameter. NOTE: this issue has been disputed by a third party, who says that the affected $calpath variable is set to a constant value in the beginning of the script. CVE concurs that the initial report is invalid
- CVE-2006-3094Jun 19, 2006risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in Calendarix Basic 0.7.20060401 and earlier, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) cal_event.php and (2) cal_popup.php.
- CVE-2006-0492Feb 1, 2006risk 0.00cvss —epss 0.02
Multiple SQL injection vulnerabilities in Calendarix allow remote attackers to execute arbitrary SQL commands via (1) the catview parameter in cal_functions.inc.php and (2) the login parameter in cal_login.php. NOTE: the catview vector might overlap CVE-2005-1865.
- CVE-2005-1865Jun 9, 2005risk 0.00cvss —epss 0.02
Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 allow remote attackers to execute arbitrary SQL commands via the catview parameter to (1) cal_week.php, (2) cal_cat.php, or (3) cal_day.php, or (4) id parameter to cal_pophols.php.
- CVE-2005-1864Jun 9, 2005risk 0.00cvss —epss 0.00
PHP remote file inclusion vulnerability in cal_admintop.php in Calendarix Advanced 1.5 allows remote attackers to execute arbitrary PHP code via the calpath parameter.
- CVE-2005-1866May 31, 2005risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in calendar.php in Calendarix Advanced 1.5 allows remote attackers to inject arbitrary web script or HTML via the year parameter.