Vulmon
caldera vulnerabilities and exploits
5.4
CVSSv3
CVE-2022-41139
MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist (aka the gist contact configuration field), leading to execution of arbitrary commands on agents.
Mitre Caldera
5.4
CVSSv3
CVE-2020-14462
CALDERA 2.7.0 allows XSS via the Operation Name box.
Mitre Caldera 2.7.0
5.3
CVSSv3
CVE-2020-10807
auth_svc in Caldera prior to 2.6.5 allows authentication bypass (for REST API requests) via a forged "localhost" string in the HTTP Host header.
Mitre Caldera
4.8
CVSSv3
CVE-2021-24896
The Caldera Forms WordPress plugin prior to 1.9.5 does not sanitise and escape the Form Name before outputting it in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Calderaforms Caldera Forms
4.8
CVSSv3
CVE-2018-7747
Multiple cross-site scripting (XSS) vulnerabilities in the Caldera Forms plugin prior to 1.6.0-rc.1 for WordPress allow remote malicious users to inject arbitrary web script or HTML via vectors involving (1) a greeting message, (2) the email transaction log, or (3) an imported fo...
Calderalabs Caldera Forms
1 EDB exploit
1 Github repository
NA
CVE-2014-2934
Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote malicious users to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php.
Caldera Caldera 9.20
2 EDB exploits
NA
CVE-2014-2936
The directory manager in Caldera 9.20 allows remote malicious users to conduct variable-injection attacks in the global scope via (1) the maindir_hotfolder parameter to dirmng/index.php, or an unspecified parameter to (2) PPD/index.php, (3) dirmng/docmd.php, or (4) dirmng/param.p...
Caldera Caldera 9.20
NA
CVE-2014-2933
Directory traversal vulnerability in dirmng/index.php in Caldera 9.20 allows remote malicious users to access arbitrary directories via a crafted pathname.
Caldera Caldera 9.20
NA
CVE-2014-2935
costview3/xmlrpc_server/xmlrpc.php in CostView in Caldera 9.20 allows remote malicious users to execute arbitrary commands via shell metacharacters in a methodCall element in a PHP XMLRPC request.
Caldera Caldera 9.20
NA
CVE-2007-0759
Multiple SQL injection vulnerabilities in EasyMoblog 0.5.1 allow remote malicious users to execute arbitrary SQL commands via the (1) i or (2) post_id parameter to add_comment.php, which triggers an injection in libraries.inc.php; or (3) the i parameter to list_comments.php, whic...
Umberto Caldera Easymoblog 0.5.1
1 EDB exploit