Vulnerabilities (CVE)

Filtered by vendor Sun Subscribe
Filtered by product Cobalt Raq 4
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2002-1361 1 Sun 1 Cobalt Raq 4 2024-11-20 10.0 HIGH N/A
overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security Hardening Patch) installed allows remote attackers to execute arbitrary code via a POST request with shell metacharacters in the email parameter.
CVE-2002-0430 1 Sun 3 Cobalt Raq 2, Cobalt Raq 3i, Cobalt Raq 4 2024-11-20 3.7 LOW N/A
MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration interface allows local users to bypass authentication and overwrite arbitrary files via a symlink attack on a temporary file, followed by a request to MultiFileUpload.php.
CVE-2002-0348 1 Sun 3 Cobalt Raq 2, Cobalt Raq 3i, Cobalt Raq 4 2024-11-20 7.5 HIGH N/A
service.cgi in Cobalt RAQ 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long service argument.
CVE-2002-0347 1 Sun 3 Cobalt Raq 2, Cobalt Raq 3i, Cobalt Raq 4 2024-11-20 5.0 MEDIUM N/A
Directory traversal vulnerability in Cobalt RAQ 4 allows remote attackers to read password-protected files, and possibly files outside the web root, via a .. (dot dot) in an HTTP request.
CVE-2002-0346 1 Sun 3 Cobalt Raq 2, Cobalt Raq 3i, Cobalt Raq 4 2024-11-20 7.5 HIGH N/A
Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote attackers to execute arbitrary script as other Cobalt users via Javascript in a URL to (1) service.cgi or (2) alert.cgi.