5 matches found
Cogent DataHub Web Server GetPermissions.asp Command Injection (CVE-2014-3789)
A remote command injection vulnerability has been reported in Cogent DataHub. The vulnerability is due to insufficient validation within the GetPermissions.asp page. A remote attacker can exploit this vulnerability by submitting a maliciously crafted request to GetPermissions.asp. This can result...
Cogent DataHub - Command Injection (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Cogent DataHub Command Injection', 'Description' = %q This module exploits an injection vulnerability in Cogent DataHub prior to 7.3....
CVE-2014-3789
GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors...
CVE-2014-3789
CVE-2014-3789 affects Cogent Real-Time Systems’ Cogent DataHub web server. The vulnerability lies in GetPermissions.asp, where insecure use of the datahub_command function with user-supplied input enables remote command execution. Public sources indicate this could be exploited remotely and led t...
Cogent DataHub Code Injection Vulnerability
OVERVIEW NCCIC/ICS-CERT has become aware of a code injection vulnerability affecting the Cogent DataHub application produced by Cogent Real-Time Systems, Inc. hereafter referred to as Cogent. Security researcher John Leitch reported this vulnerability to the Zero Day Initiative ZDI, who then...