sun cobalt raq 4 vulnerabilities and exploits

(subscribe to this query)

overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security Hardening Patch) installed allows remote malicious users to execute arbitrary code via a POST request with shell metacharacters in the email parameter.

Sun Cobalt Raq 4

1 EDB exploit

Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote malicious users to execute arbitrary script as other Cobalt users via Javascript in a URL to (1) service.cgi or (2) alert.cgi.

Sun Cobalt Raq 4 Sun Cobalt Raq 2 Sun Cobalt Raq 3i

1 Github repository

service.cgi in Cobalt RAQ 4 allows remote malicious users to cause a denial of service, and possibly execute arbitrary code, via a long service argument.

Sun Cobalt Raq 4 Sun Cobalt Raq 2 Sun Cobalt Raq 3i

1 Github repository

Directory traversal vulnerability in wget prior to 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. (dot dot) sequences.

Gnu Wget 1.8 Gnu Wget 1.8.1 Gnu Wget 1.5.3 Gnu Wget 1.6 Gnu Wget 1.8.2 Sun Cobalt Raq Xtr Gnu Wget 1.7 Gnu Wget 1.7.1

Directory traversal vulnerability in Cobalt RAQ 4 allows remote malicious users to read password-protected files, and possibly files outside the web root, via a .. (dot dot) in an HTTP request.

Sun Cobalt Raq 4 Sun Cobalt Raq 2 Sun Cobalt Raq 3i

1 Github repository

MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration interface allows local users to bypass authentication and overwrite arbitrary files via a symlink attack on a temporary file, followed by a request to MultiFileUpload.php.

Sun Cobalt Raq 2 Sun Cobalt Raq 3i Sun Cobalt Raq 4

2 EDB exploits

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook