CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2935
https://notcve.org/view.php?id=CVE-2014-2935
costview3/xmlrpc_server/xmlrpc.php in CostView in Caldera 9.20 allows remote attackers to execute arbitrary commands via shell metacharacters in a methodCall element in a PHP XMLRPC request. costview3/xmlrpc_server/xmlrpc.php en CostView en Caldera 9.20 permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres de shell en un elemento methodCall en una solicitud PHP XMLRPC. • http://www.kb.cert.org/vuls/id/693092 http://www.securityfocus.com/bid/67252 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2014-2934 – Caldera - '/costview2/jobs.php?tr' SQL Injection
https://notcve.org/view.php?id=CVE-2014-2934
Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php. Múltiples vulnerabilidades de inyección SQL en Caldera 9.20 permiten a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro tr hacia (1) costview2/jobs.php o (2) costview2/printers.php. • https://www.exploit-db.com/exploits/39173 https://www.exploit-db.com/exploits/39174 http://www.kb.cert.org/vuls/id/693092 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2014-2936
https://notcve.org/view.php?id=CVE-2014-2936
The directory manager in Caldera 9.20 allows remote attackers to conduct variable-injection attacks in the global scope via (1) the maindir_hotfolder parameter to dirmng/index.php, or an unspecified parameter to (2) PPD/index.php, (3) dirmng/docmd.php, or (4) dirmng/param.php. El gestor de directorio en Caldera 9.20 permite a atacantes remotos realizar ataques de inyección variable en el ámbito global a través de (1) el parámetro maindir_hotfolder hacia dirmng/index.php, o un parámetro no especificado hacia (2) PPD/index.php, (3) dirmng/docmd.php o (4) dirmng/param.php. • http://www.kb.cert.org/vuls/id/693092 http://www.securityfocus.com/bid/67254 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2933
https://notcve.org/view.php?id=CVE-2014-2933
Directory traversal vulnerability in dirmng/index.php in Caldera 9.20 allows remote attackers to access arbitrary directories via a crafted pathname. Vulnerabilidad de salto de directorio en dirmng/index.php en Caldera 9.20 permite a atacantes remotos acceder a directorios arbitrarios a través de un nombre de ruta manipulado. • http://www.kb.cert.org/vuls/id/693092 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 4CVE-2007-0759 – EasyMoblog 0.5.1 - Multiple Input Validation Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-0759
Multiple SQL injection vulnerabilities in EasyMoblog 0.5.1 allow remote attackers to execute arbitrary SQL commands via the (1) i or (2) post_id parameter to add_comment.php, which triggers an injection in libraries.inc.php; or (3) the i parameter to list_comments.php, which triggers an injection in libraries.inc.php. Múltiples vulnerabilidades de inyección SQL en EasyMoblog 0.5.1 permiten a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro (1) i o (2) post_id de add_comment.php, lo cual dispara una inyección en libraries.inc.php; o (3) el parámetro i de list_comments.php, que dispara una inyección en libraries.in.php. • https://www.exploit-db.com/exploits/29559 http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0052.html http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0054.html http://osvdb.org/33636 http://secunia.com/advisories/19370 http://www.securityfocus.com/bid/22369 http://www.zion-security.com/text/Sql_Vulnerability_EasymoBlog%232.txt http://www.zion-security.com/text/Sql_Vulnerability_EasymoBlog.txt •