RSS   Vulnerabilities for 'Status2k'   RSS

2020-02-07
 
CVE-2014-5091

CWE-20
 

 
A vulnerability exits in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code.

 
2020-01-10
 
CVE-2014-5093

CWE-522
 

 
Status2k does not remove the install directory allowing credential reset.

 
 
CVE-2014-5092

CWE-20
 

 
Status2k allows Remote Command Execution in admin/options/editpl.php.

 
2014-10-20
 
CVE-2014-5094

CWE-200
 

 
Status2k allows remote attackers to obtain configuration information via a phpinfo action in a request to status/index.php, which calls the phpinfo function.

 
2014-08-06
 
CVE-2014-5090

CWE-94
 

 
admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the Location field in Add Logs in the Admin Panel.

 
 
CVE-2014-5089

CWE-89
 

 
SQL injection vulnerability in admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary SQL commands via the log parameter.

 
 
CVE-2014-5088

 

 
Cross-site scripting (XSS) vulnerability in Status2k allows remote attackers to inject arbitrary web script or HTML via the username to login.php.

 


Copyright 2024, cxsecurity.com

 

Back to Top