18 matches found
EUVD-2014-2957
Malware in sbrugna...
EUVD-2014-2958
Malware in sbrugna...
EUVD-2014-2955
Malware in sbrugna...
EUVD-2014-2956
Malware in sbrugna...
CVE-2014-2933
Directory traversal vulnerability in dirmng/index.php in Caldera 9.20 allows remote attackers to access arbitrary directories via a crafted pathname...
CVE-2014-2934
Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php...
CVE-2014-2936
The directory manager in Caldera 9.20 allows remote attackers to conduct variable-injection attacks in the global scope via (1) the maindir_hotfolder parameter to dirmng/index.php, or an unspecified parameter to (2) PPD/index.php, (3) dirmng/docmd.php, or (4) dirmng/param.php...
Cross-site request forgery (CSRF)
costview3/xmlrpc_server/xmlrpc.php in CostView in Caldera 9.20 allows remote attackers to execute arbitrary commands via shell metacharacters in a methodCall element in a PHP XMLRPC request...
SQL injection
The directory manager in Caldera 9.20 allows remote attackers to conduct variable-injection attacks in the global scope via (1) the maindir_hotfolder parameter to dirmng/index.php, or an unspecified parameter to (2) PPD/index.php, (3) dirmng/docmd.php, or (4) dirmng/param.php...
SQL injection
Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php...
CVE-2014-2934
Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php...
CVE-2014-2933
Directory traversal vulnerability in dirmng/index.php in Caldera 9.20 allows remote attackers to access arbitrary directories via a crafted pathname...
CVE-2014-2936
The directory manager in Caldera 9.20 allows remote attackers to conduct variable-injection attacks in the global scope via (1) the maindir_hotfolder parameter to dirmng/index.php, or an unspecified parameter to (2) PPD/index.php, (3) dirmng/docmd.php, or (4) dirmng/param.php...
CVE-2014-2936
The CVE-2014-2936 entry concerns Caldera 9.20’s directory manager. The vulnerability stems from dynamic/global variable scope handling in multiple scripts (dirmng/index.php, PPD/index.php, dirmng/docmd.php, dirmng/param.php, via maindir_hotfolder or an unspecified parameter), enabling variable-in...
CVE-2014-2935
CVE-2014-2935 affects CostView in Caldera 9.20. The vulnerability exists in /costview3/xmlrpc_server/xmlrpc.php where a crafted XMLRPC request can inject shell metacharacters in a methodCall, allowing an unauthenticated remote attacker to execute arbitrary commands on the server. Connected source...
CVE-2014-2933
CVE-2014-2933 is a directory traversal vulnerability affecting Caldera 9.20 via the /dirmng/index.php script. The exposed flaw arises from improper limitation of a pathname to a restricted directory, allowing remote unauthenticated attackers to access arbitrary directories on the server. Public r...
CVE-2014-2934
CVE-2014-2934 involves multiple SQL injection vulnerabilities in Caldera 9.20. The affected components are Caldera 9.20’s web interface, specifically the costview2/jobs.php and costview2/printers.php scripts, where the tr parameter is improperly sanitized, enabling remote attackers to execute arb...
Caldera 9.20 contains multiple vulnerabilities
Overview: Caldera 9.20, and possibly earlier versions, contains multiple vulnerabilities. Description: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') - CVE-2014-2933. Caldera 9.20 and possibly earlier versions contains a path traversal vulnerability due to the...