Lucene search
AnonymousZDI-15-438HistorySep 08, 2015 - 12:00 a.m.
Cogent DataHub Gamma Command Injection Remote Code Execution Vulnerability
2015-09-0800:00:00
Anonymous
www.zerodayinitiative.com
18
0.298 Low
EPSS
Percentile
96.9%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cogent DataHub. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EvalExpresssion method, which is available remotely through the AJAX facility. Using this method, it is possible to execute arbitrary Gamma code. By supplying a specially formatted Gamma script, a remote attacker can execute arbitrary OS commands in the context of the DataHub process.
Related
zdi
zdi
Cogent DataHub Command Injection Remote Code Execution Vulnerability
2014-05-19 00:00:00
zdt
zdt
Cogent DataHub Command Injection Exploit
2014-06-27 00:00:00
prion
prion
Command injection
2014-05-22 23:55:00
cve
cve
CVE-2014-3789
2014-05-22 23:55:03
ics
ics
Cogent DataHub Code Injection Vulnerability
2018-09-06 12:00:00
Cogent DataHub Code Injection Vulnerability
2018-08-27 12:00:00
packetstorm
packetstorm
Cogent DataHub Command Injection
2014-06-25 00:00:00
checkpoint_advisories
checkpoint_advisories
nvd
nvd
CVE-2014-3789
2014-05-22 23:55:03
cvelist
cvelist
CVE-2014-3789
2014-05-22 23:00:00
nessus
nessus
Cogent DataHub < 7.3.5 Multiple Vulnerabilities
2014-06-19 00:00:00