CVE-2014-2936 Information

Description

The directory manager in Caldera 9.20 allows remote attackers to conduct variable-injection attacks in the global scope via (1) the maindir_hotfolder parameter to dirmng/index.php or an unspecified parameter to (2) PPD/index.php (3) dirmng/docmd.php or (4) dirmng/param.php.

Reference

http://www.kb.cert.org/vuls/id/693092 http://www.securityfocus.com/bid/67254