Multiple SQL injection vulnerabilities in the calendar feature in Kayako liveResponse 2.x allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) date parameter.
http://www.securityfocus.com/bid/14425
http://www.gulftech.org/?node=research&article_id=00092-07302005