Cogentdatahub: >> Cogent Datahub >> 7.3.0 Security Vulnerabilities
Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file.
CVSS Score
7.8
EPSS Score
0.001
Published
2016-03-29
Directory traversal vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to read arbitrary files of unspecified types, or cause a web-server denial of service, via a crafted pathname.
CVSS Score
6.4
EPSS Score
0.003
Published
2014-05-30
Cross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.006
Published
2014-05-30
Cogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.
CVSS Score
5.0
EPSS Score
0.003
Published
2014-05-30
Heap-based buffer overflow in the Web Server in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary code via a negative value in the Content-Length field in a request.
CVSS Score
7.5
EPSS Score
0.091
Published
2014-05-22
GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.642
Published
2014-05-22