Vulnerabilities for 'Caldera'

2014-05-08
 
CVE-2014-2936

CWE-94
 

 
The directory manager in Caldera 9.20 allows remote attackers to conduct variable-injection attacks in the global scope via (1) the maindir_hotfolder parameter to dirmng/index.php, or an unspecified parameter to (2) PPD/index.php, (3) dirmng/docmd.php, or (4) dirmng/param.php.

 
 
CVE-2014-2935

CWE-78
 

 
costview3/xmlrpc_server/xmlrpc.php in CostView in Caldera 9.20 allows remote attackers to execute arbitrary commands via shell metacharacters in a methodCall element in a PHP XMLRPC request.

 
 
CVE-2014-2934

CWE-89
 

 
Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php.

 
 
CVE-2014-2933

CWE-22
 

 
Directory traversal vulnerability in dirmng/index.php in Caldera 9.20 allows remote attackers to access arbitrary directories via a crafted pathname.

 

Vendor: Caldera (16 products)
Openlinux
Unixware
Openserver
Network desktop
COAS
Openlinux lite
Openlinux eserver
Openlinux desktop
Openlinux ebuilder
Openlinux edesktop
Openlinux server
Openlinux workstation
Openunix
Volution
Volution manager
Caldera


Copyright 2024, cxsecurity.com

 
