Cogentdatahub: >> Cogent Datahub >> 7.3.1 Security Vulnerabilities
The directory specifier can include designators that can be used to
traverse the directory path. Exploiting this vulnerability may enable an
attacker to access a limited number of hardcoded file types. Further
exploitation of this vulnerability may allow an attacker to cause the
web server component to enter a denial-of-service condition.
CVSS Score
7.8
EPSS Score
0.004
Published
2014-05-30
Cross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
7.1
EPSS Score
0.005
Published
2014-05-30
Cogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.
CVSS Score
6.0
EPSS Score
0.001
Published
2014-05-30
Heap-based buffer overflow in the Web Server in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary code via a negative value in the Content-Length field in a request.
CVSS Score
7.5
EPSS Score
0.032
Published
2014-05-22
GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.71
Published
2014-05-22