Codewalkers Ltwcalendar : Security vulnerabilities, CVEs published in 2006

Copy

CVE-2006-6229

Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 logs failed passwords, which might allow attackers to infer correct passwords from the log file.

Max CVSS

5.0

EPSS Score

0.20%

Published

2006-12-02

Updated

2008-09-05

CVE-2006-6228

Cross-site scripting (XSS) vulnerability in Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors.

Max CVSS

6.8

EPSS Score

0.32%

Published

2006-12-02

Updated

2008-09-05

CVE-2006-3041

PHP remote file inclusion vulnerability in Ltwcalendar/calendar.php in Codewalkers Ltwcalendar 4.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the ltw_config[include_dir] parameter. NOTE: CVE disputes this claim, since the $ltw_config[include_dir] variable is defined as a static value in an include file before it is referenced in an include() statement

Max CVSS

7.5

EPSS Score

1.17%

Published

2006-06-15

Updated

2024-04-11

3 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!