WebCalendar

WebCalendar is a PHP-based calendar software application that can be configured as a single-user calendar, a multi-user calendar for groups of users, or as an event calendar viewable by visitors. MySQL, PostgreSQL, Oracle, DB2, Interbase, MS SQL Server, or ODBC is required.



WebCalendar Security Vulnerabilities

  • Thu, 23 February 2012, 4.47


  • Wed, 28 September 2011, 7.10
    WebCalendar Multiple Script Direct Request Path Disclosure
    Solution: SOLUTION UNKNOWN!

  • Mon, 19 September 2011, 12.11
    WebCalendar login.php last_login Parameter XSS
    WebCalendar contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'last_login' parameter upon submission to the login.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
    Solution: SOLUTION UNKNOWN!

  • Mon, 19 September 2011, 12.11
    WebCalendar colors.php color Parameter XSS
    WebCalendar contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'color' parameter upon submission to the colors.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
    Solution: SOLUTION UNKNOWN!

  • Sun, 22 May 2011, 5.04
    WebCalendar Multiple Script Direct Request Path Disclosure
    WebCalendar contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a direct request to multiple scripts, which discloses the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.
    Solution: Currently, there are no known upgrades or patches to correct this vulnerability. It is possible to temporarily work around the flaw by implementing the following workaround: disable PHP error display (set display_errors to Off).

  • Tue, 05 April 2011, 23.25
    WebCalendar edit_entry_handler.php Multiple Parameter XSS
    WebCalendar contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'name', 'description' and 'location' parameters upon submission to the edit_entry_handler.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
    Solution: SOLUTION UNKNOWN!

  • Wed, 17 February 2010, 15.02
    WebCalendar Admin Password Change Request CSRF
    WebCalendar contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions such as deleting an event, banning an IP address from posting, or changing the administrative password. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.
    Solution: SOLUTION UNKNOWN!