
CVE-2024-56003 – WordPress Caldera SMTP Mailer plugin <= 1.0.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-56003
14 Dec 2024 — Missing Authorization vulnerability in David Cramer Caldera SMTP Mailer. This issue affects Caldera SMTP Mailer: from n/a through 1.0.1. The Caldera SMTP Mailer plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. • https://patchstack.com/database/wordpress/plugin/caldera-smtp-mailer/vulnerability/wordpress-caldera-smtp-mailer-plugin-1-0-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization

CVE-2014-2933
https://notcve.org/view.php?id=CVE-2014-2933
08 May 2014 — Directory traversal vulnerability in dirmng/index.php in Caldera 9.20 allows remote attackers to access arbitrary directories via a crafted pathname. • http://www.kb.cert.org/vuls/id/693092 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2014-2934 – Caldera - '/costview2/jobs.php?tr' SQL Injection
https://notcve.org/view.php?id=CVE-2014-2934
08 May 2014 — Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php. • https://www.exploit-db.com/exploits/39173 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2014-2935
https://notcve.org/view.php?id=CVE-2014-2935
08 May 2014 — costview3/xmlrpc_server/xmlrpc.php in CostView in Caldera 9.20 allows remote attackers to execute arbitrary commands via shell metacharacters in a methodCall element in a PHP XMLRPC request. • http://www.kb.cert.org/vuls/id/693092 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2014-2936
https://notcve.org/view.php?id=CVE-2014-2936
08 May 2014 — The directory manager in Caldera 9.20 allows remote attackers to conduct variable-injection attacks in the global scope via (1) the maindir_hotfolder parameter to dirmng/index.php, or an unspecified parameter to (2) PPD/index.php, (3) dirmng/docmd.php, or (4) dirmng/param.php. • http://www.kb.cert.org/vuls/id/693092 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2007-0759 – EasyMoblog 0.5.1 - Multiple Input Validation Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-0759
06 Feb 2007 — Multiple SQL injection vulnerabilities in EasyMoblog 0.5.1 allow remote attackers to execute arbitrary SQL commands via the (1) i or (2) post_id parameter to add_comment.php, which triggers an injection in libraries.inc.php; or (3) the i parameter to list_comments.php, which triggers an injection in libraries.inc.php. • https://www.exploit-db.com/exploits/29559

CVE-2003-0658
https://notcve.org/view.php?id=CVE-2003-0658
03 Sep 2003 — Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules. • https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2003-0658

CVE-2002-1231
https://notcve.org/view.php?id=CVE-2002-1231
04 Nov 2002 — SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to cause a denial of service via an rcp call on /proc. • ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2002-SCO.41

CVE-2002-1199
https://notcve.org/view.php?id=CVE-2002-1199
28 Oct 2002 — The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments. • ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.40

CVE-2002-0835
https://notcve.org/view.php?id=CVE-2002-0835
04 Oct 2002 — Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones. • ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-044.0.txt