8 matches found
CVE-2014-1631
CVE-2014-1631 affects Eventum prior to 2.3.5. The root cause is incorrect default permissions in the installation workflow (setup/index.php) allowing remote reinstall, paired with potential code injection through /config/config.php during setup. Affected versions include Eventum 2.3.4 (and earlie...
Multiple Vulnerabilities in Eventum
Advisory ID: HTB23198 Product: Eventum Vendor: Eventum Development Team Vulnerable Versions: 2.3.4 and probably prior Tested Version: 2.3.4 Advisory Publication: January 22, 2014 without technical details Vendor Notification: January 22, 2014 Vendor Patch: January 24, 2014 Public Disclosure:...
Eventum 2.3.4 Incorrect Permissions / Code Injection Vulnerabilities
Eventum version 2.3.4 suffers from incorrect default permission and code injection vulnerabilities. Vendor: Eventum Development Team Vulnerable Versions: 2.3.4 and probably prior Tested Version: 2.3.4 Advisory Publication: January 22, 2014 without technical details Vendor Notification: January 22...
Eventum 2.3.4 - 'hostname' Remote Code Execution
Advisory ID: HTB23198 Product: Eventum Vendor: Eventum Development Team Vulnerable Versions: 2.3.4 and probably prior Tested Version: 2.3.4 Advisory Publication: January 22, 2014 without technical details Vendor Notification: January 22, 2014 Vendor Patch: January 24, 2014 Public Disclosure:...
Eventum 2.3.4 - hostname Remote Code Execution
Eventum 2.3.4 - hostname Remote Code Execution Advisory ID: HTB23198 Product: Eventum Vendor: Eventum Development Team Vulnerable Versions: 2.3.4 and probably prior Tested Version: 2.3.4 Advisory Publication: January 22, 2014 without technical details Vendor Notification: January 22, 2014 Vendor...
Eventum 2.3.4 Incorrect Permissions / Code Injection
Advisory ID: HTB23198 Product: Eventum Vendor: Eventum Development Team Vulnerable Versions: 2.3.4 and probably prior Tested Version: 2.3.4 Advisory Publication: January 22, 2014 without technical details Vendor Notification: January 22, 2014 Vendor Patch: January 24, 2014 Public Disclosure:...
CVE-2014-1631
creationtimestamp| type| source ---|---|--- 2014-01-27 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/39065 2014-01-28 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/39066...
Multiple Vulnerabilities in Eventum
High-Tech Bridge Security Research Lab discovered vulnerability in Eventum, which can be exploited to reinstall and compromise vulnerable application. 1 Incorrect Default Permissions in Eventum: CVE-2014-1631 The vulnerability exists due to incorrect default permission set for installation script...