RSS   Vulnerabilities for 'Php calendars script'   RSS

2010-01-22
 
CVE-2010-0380

CWE-16
 

 
install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows remote attackers to bypass intended access restrictions and modify application settings via a direct request. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation.

 
2010-01-21
 
CVE-2010-0376

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: this issue is reportedly resultant from a forced SQL error message that occurs from exploitation of CVE-2010-0375.

 
 
CVE-2010-0375

CWE-89
 

 
SQL injection vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

 
2009-09-15
 
CVE-2009-3197

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech PHP Calendars Script allows remote attackers to inject arbitrary web script or HTML via the search parameter.

 

 >>> Vendor: Jce-tech 8 Products
Searchfeed script
Auction rss content script
Php video script
Php calendars script
Affiliate master datafeed parser
Shareasale script
Overstock script
Video niche script


Copyright 2019, cxsecurity.com

 

Back to Top