Vulnerabilities > Cogentdatahub > Cogent Datahub > 7.3.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-05-30 | CVE-2014-2354 | Credentials Management vulnerability in Cogentdatahub Cogent Datahub Cogent DataHub before 7.3.5 does not use a salt during password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack. | 5.0 |
2014-05-30 | CVE-2014-2353 | Cross-Site Scripting vulnerability in Cogentdatahub Cogent Datahub Cross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-05-30 | CVE-2014-2352 | Path Traversal vulnerability in Cogentdatahub Cogent Datahub Directory traversal vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to read arbitrary files of unspecified types, or cause a web-server denial of service, via a crafted pathname. | 6.4 |
2014-05-22 | CVE-2014-3789 | Code Injection vulnerability in Cogentdatahub Cogent Datahub GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors. | 7.5 |
2014-05-22 | CVE-2014-3788 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cogentdatahub Cogent Datahub Heap-based buffer overflow in the Web Server in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary code via a negative value in the Content-Length field in a request. | 7.5 |