CVE-2004-1400

ASP Calendar - Unauthenticated Unauthorized Access via Direct Request to main.asp

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1400. PoCs published by ali reza AcTiOnSpIdEr.

AI-analyzed exploit summary This is a vulnerability writeup describing an unauthorized administrative access issue in ASP Calendar Version 1. The attacker can access the admin script directly via a predictable URL path.

Description

The control panel in ASP Calendar does not require authentication to access, which allows remote attackers to gain unauthorized access via a direct request to main.asp.

Exploits (1)

exploitdb WRITEUP VERIFIED
by ali reza AcTiOnSpIdEr · textwebappsasp
https://www.exploit-db.com/exploits/24838

This is a vulnerability writeup describing an unauthorized administrative access issue in ASP Calendar Version 1. The attacker can access the admin script directly via a predictable URL path.

Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: ASP Calendar Version 1
No auth needed
Prerequisites: Knowledge of the target directory path
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110304839629822&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/18474
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/11931

Scores

EPSS 0.0722
EPSS Percentile 93.6%

Details

Status published
Products (1)
active_server_corner/asp_calendar 1.0
Published Dec 31, 2004
Tracked Since Feb 18, 2026