Mitre: Security Vulnerabilities
A command injection vulnerability in the sandcat plugin of Caldera 2.3.1 and earlier allows authenticated attackers to execute any command or service.
CVSS Score
8.8
EPSS Score
0.042
Published
2021-07-12
CALDERA 2.7.0 allows XSS via the Operation Name box.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-06-19
auth_svc in Caldera before 2.6.5 allows authentication bypass (for REST API requests) via a forged "localhost" string in the HTTP Host header.
CVSS Score
5.3
EPSS Score
0.003
Published
2020-03-22
PHP remote file inclusion vulnerability in SezHooTabsAndActions.php in SezHoo 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter.
CVSS Score
10.0
EPSS Score
0.012
Published
2008-10-23
Page 2