An issue in the index.js decryptCookie function of cookie-encrypter v1.0.1 allows attackers to execute a bit flipping attack.

SQL Injection vulnerability in The LuxCal Web Calendar by LuxSoft v.5.3.4 and before.