Search
Find a vulnerability
Search criteria
14 vulnerabilities found for status2k by status2k
CVE-2014-5091 (GCVE-0-2014-5091)
Vulnerability from nvd – Published: 2020-02-07 17:17 – Updated: 2024-08-06 11:34
VLAI
EPSS
VEX
Summary
A vulnerability exits in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/127719/Statu… | x_refsource_MISC |
| http://www.exploit-db.com/exploits/34239 | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
| https://www.securityfocus.com/bid/69008 | x_refsource_MISC |
Date Public
2014-08-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/34239"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95111"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/69008"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exits in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-07T17:17:33.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.exploit-db.com/exploits/34239"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95111"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securityfocus.com/bid/69008"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability exits in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
},
{
"name": "http://www.exploit-db.com/exploits/34239",
"refsource": "MISC",
"url": "http://www.exploit-db.com/exploits/34239"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95111",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95111"
},
{
"name": "https://www.securityfocus.com/bid/69008",
"refsource": "MISC",
"url": "https://www.securityfocus.com/bid/69008"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5091",
"datePublished": "2020-02-07T17:17:33.000Z",
"dateReserved": "2014-07-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:34:37.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5093 (GCVE-0-2014-5093)
Vulnerability from nvd – Published: 2020-01-10 13:34 – Updated: 2024-08-06 11:34
VLAI
EPSS
VEX
Summary
Status2k does not remove the install directory allowing credential reset.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/127719/Statu… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95113"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Status2k does not remove the install directory allowing credential reset."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-10T13:34:04.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95113"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5093",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Status2k does not remove the install directory allowing credential reset."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95113",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95113"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5093",
"datePublished": "2020-01-10T13:34:04.000Z",
"dateReserved": "2014-07-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:34:37.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5092 (GCVE-0-2014-5092)
Vulnerability from nvd – Published: 2020-01-10 13:28 – Updated: 2024-08-06 11:34
VLAI
EPSS
VEX
Summary
Status2k allows Remote Command Execution in admin/options/editpl.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/127719/Statu… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95112"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Status2k allows Remote Command Execution in admin/options/editpl.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-10T13:28:59.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95112"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5092",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Status2k allows Remote Command Execution in admin/options/editpl.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95112",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95112"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5092",
"datePublished": "2020-01-10T13:28:59.000Z",
"dateReserved": "2014-07-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:34:37.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5094 (GCVE-0-2014-5094)
Vulnerability from nvd – Published: 2014-10-20 15:00 – Updated: 2024-08-06 11:34
VLAI
EPSS
VEX
Summary
Status2k allows remote attackers to obtain configuration information via a phpinfo action in a request to status/index.php, which calls the phpinfo function.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/127719/Statu… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2014-08-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
},
{
"name": "status2k-cve20145094-info-disc(95114)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95114"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Status2k allows remote attackers to obtain configuration information via a phpinfo action in a request to status/index.php, which calls the phpinfo function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
},
{
"name": "status2k-cve20145094-info-disc(95114)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95114"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Status2k allows remote attackers to obtain configuration information via a phpinfo action in a request to status/index.php, which calls the phpinfo function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
},
{
"name": "status2k-cve20145094-info-disc(95114)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95114"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5094",
"datePublished": "2014-10-20T15:00:00.000Z",
"dateReserved": "2014-07-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:34:37.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5090 (GCVE-0-2014-5090)
Vulnerability from nvd – Published: 2014-08-06 18:00 – Updated: 2024-08-06 11:34
VLAI
EPSS
VEX
Summary
admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the Location field in Add Logs in the Admin Panel.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/127719/Statu… | x_refsource_MISC |
Date Public
2014-08-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the Location field in Add Logs in the Admin Panel."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-08-06T17:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5090",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the Location field in Add Logs in the Admin Panel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5090",
"datePublished": "2014-08-06T18:00:00.000Z",
"dateReserved": "2014-07-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:34:37.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5089 (GCVE-0-2014-5089)
Vulnerability from nvd – Published: 2014-08-06 18:00 – Updated: 2024-08-06 11:34
VLAI
EPSS
VEX
Summary
SQL injection vulnerability in admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary SQL commands via the log parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/127719/Statu… | x_refsource_MISC |
Date Public
2014-08-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary SQL commands via the log parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-08-06T17:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary SQL commands via the log parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5089",
"datePublished": "2014-08-06T18:00:00.000Z",
"dateReserved": "2014-07-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:34:37.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5088 (GCVE-0-2014-5088)
Vulnerability from nvd – Published: 2014-08-06 18:00 – Updated: 2024-08-06 11:34
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in Status2k allows remote attackers to inject arbitrary web script or HTML via the username to login.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/69012 | vdb-entryx_refsource_BID |
| http://packetstormsecurity.com/files/127719/Statu… | x_refsource_MISC |
Date Public
2014-08-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "69012",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69012"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Status2k allows remote attackers to inject arbitrary web script or HTML via the username to login.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-12T14:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "69012",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69012"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5088",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Status2k allows remote attackers to inject arbitrary web script or HTML via the username to login.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69012",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69012"
},
{
"name": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5088",
"datePublished": "2014-08-06T18:00:00.000Z",
"dateReserved": "2014-07-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:34:37.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5091 (GCVE-0-2014-5091)
Vulnerability from cvelistv5 – Published: 2020-02-07 17:17 – Updated: 2024-08-06 11:34
VLAI
EPSS
VEX
Summary
A vulnerability exits in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/127719/Statu… | x_refsource_MISC |
| http://www.exploit-db.com/exploits/34239 | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
| https://www.securityfocus.com/bid/69008 | x_refsource_MISC |
Date Public
2014-08-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/34239"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95111"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/69008"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exits in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-07T17:17:33.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.exploit-db.com/exploits/34239"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95111"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securityfocus.com/bid/69008"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability exits in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
},
{
"name": "http://www.exploit-db.com/exploits/34239",
"refsource": "MISC",
"url": "http://www.exploit-db.com/exploits/34239"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95111",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95111"
},
{
"name": "https://www.securityfocus.com/bid/69008",
"refsource": "MISC",
"url": "https://www.securityfocus.com/bid/69008"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5091",
"datePublished": "2020-02-07T17:17:33.000Z",
"dateReserved": "2014-07-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:34:37.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5093 (GCVE-0-2014-5093)
Vulnerability from cvelistv5 – Published: 2020-01-10 13:34 – Updated: 2024-08-06 11:34
VLAI
EPSS
VEX
Summary
Status2k does not remove the install directory allowing credential reset.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/127719/Statu… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95113"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Status2k does not remove the install directory allowing credential reset."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-10T13:34:04.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95113"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5093",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Status2k does not remove the install directory allowing credential reset."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95113",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95113"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5093",
"datePublished": "2020-01-10T13:34:04.000Z",
"dateReserved": "2014-07-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:34:37.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5092 (GCVE-0-2014-5092)
Vulnerability from cvelistv5 – Published: 2020-01-10 13:28 – Updated: 2024-08-06 11:34
VLAI
EPSS
VEX
Summary
Status2k allows Remote Command Execution in admin/options/editpl.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/127719/Statu… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95112"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Status2k allows Remote Command Execution in admin/options/editpl.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-10T13:28:59.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95112"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5092",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Status2k allows Remote Command Execution in admin/options/editpl.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95112",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95112"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5092",
"datePublished": "2020-01-10T13:28:59.000Z",
"dateReserved": "2014-07-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:34:37.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5094 (GCVE-0-2014-5094)
Vulnerability from cvelistv5 – Published: 2014-10-20 15:00 – Updated: 2024-08-06 11:34
VLAI
EPSS
VEX
Summary
Status2k allows remote attackers to obtain configuration information via a phpinfo action in a request to status/index.php, which calls the phpinfo function.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/127719/Statu… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2014-08-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
},
{
"name": "status2k-cve20145094-info-disc(95114)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95114"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Status2k allows remote attackers to obtain configuration information via a phpinfo action in a request to status/index.php, which calls the phpinfo function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
},
{
"name": "status2k-cve20145094-info-disc(95114)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95114"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Status2k allows remote attackers to obtain configuration information via a phpinfo action in a request to status/index.php, which calls the phpinfo function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
},
{
"name": "status2k-cve20145094-info-disc(95114)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95114"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5094",
"datePublished": "2014-10-20T15:00:00.000Z",
"dateReserved": "2014-07-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:34:37.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5090 (GCVE-0-2014-5090)
Vulnerability from cvelistv5 – Published: 2014-08-06 18:00 – Updated: 2024-08-06 11:34
VLAI
EPSS
VEX
Summary
admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the Location field in Add Logs in the Admin Panel.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/127719/Statu… | x_refsource_MISC |
Date Public
2014-08-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the Location field in Add Logs in the Admin Panel."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-08-06T17:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5090",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the Location field in Add Logs in the Admin Panel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5090",
"datePublished": "2014-08-06T18:00:00.000Z",
"dateReserved": "2014-07-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:34:37.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5089 (GCVE-0-2014-5089)
Vulnerability from cvelistv5 – Published: 2014-08-06 18:00 – Updated: 2024-08-06 11:34
VLAI
EPSS
VEX
Summary
SQL injection vulnerability in admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary SQL commands via the log parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/127719/Statu… | x_refsource_MISC |
Date Public
2014-08-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary SQL commands via the log parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-08-06T17:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary SQL commands via the log parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5089",
"datePublished": "2014-08-06T18:00:00.000Z",
"dateReserved": "2014-07-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:34:37.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5088 (GCVE-0-2014-5088)
Vulnerability from cvelistv5 – Published: 2014-08-06 18:00 – Updated: 2024-08-06 11:34
VLAI
EPSS
VEX
Summary
Cross-site scripting (XSS) vulnerability in Status2k allows remote attackers to inject arbitrary web script or HTML via the username to login.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/69012 | vdb-entryx_refsource_BID |
| http://packetstormsecurity.com/files/127719/Statu… | x_refsource_MISC |
Date Public
2014-08-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "69012",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69012"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Status2k allows remote attackers to inject arbitrary web script or HTML via the username to login.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-12T14:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "69012",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69012"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5088",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Status2k allows remote attackers to inject arbitrary web script or HTML via the username to login.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69012",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69012"
},
{
"name": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5088",
"datePublished": "2014-08-06T18:00:00.000Z",
"dateReserved": "2014-07-24T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:34:37.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}