Caldera » Caldera : Security Vulnerabilities, CVEs,

CVE-2014-2936

The directory manager in Caldera 9.20 allows remote attackers to conduct variable-injection attacks in the global scope via (1) the maindir_hotfolder parameter to dirmng/index.php, or an unspecified parameter to (2) PPD/index.php, (3) dirmng/docmd.php, or (4) dirmng/param.php.
Max CVSS
7.5
EPSS Score
0.29%
Published
2014-05-08
Updated
2014-05-16

CVE-2014-2935

costview3/xmlrpc_server/xmlrpc.php in CostView in Caldera 9.20 allows remote attackers to execute arbitrary commands via shell metacharacters in a methodCall element in a PHP XMLRPC request.
Max CVSS
10.0
EPSS Score
0.33%
Published
2014-05-08
Updated
2014-05-16

CVE-2014-2934

Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php.
Max CVSS
7.5
EPSS Score
0.08%
Published
2014-05-08
Updated
2014-07-01

CVE-2014-2933

Directory traversal vulnerability in dirmng/index.php in Caldera 9.20 allows remote attackers to access arbitrary directories via a crafted pathname.
Max CVSS
5.0
EPSS Score
0.56%
Published
2014-05-08
Updated
2014-07-01
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close