Vulnerabilities > Mitre

DATE CVE VULNERABILITY TITLE RISK
2021-07-12 CVE-2020-19907 OS Command Injection vulnerability in Mitre Caldera
A command injection vulnerability in the sandcat plugin of Caldera 2.3.1 and earlier allows authenticated attackers to execute any command or service.
network
low complexity
mitre CWE-78
8.8
2020-06-19 CVE-2020-14462 Cross-site Scripting vulnerability in Mitre Caldera 2.7.0
CALDERA 2.7.0 allows XSS via the Operation Name box.
network
mitre CWE-79
3.5
2020-03-22 CVE-2020-10807 Missing Authentication for Critical Function vulnerability in Mitre Caldera
auth_svc in Caldera before 2.6.5 allows authentication bypass (for REST API requests) via a forged "localhost" string in the HTTP Host header.
network
low complexity
mitre CWE-306
5.0
2008-10-23 CVE-2008-4704 Code Injection vulnerability in Mitre Sezhoo 0.1
PHP remote file inclusion vulnerability in SezHooTabsAndActions.php in SezHoo 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter.
network
low complexity
mitre CWE-94
critical
10.0