Page 18 of 94 results (0.012 seconds)

CVSS: 10.0EPSS: 53%CPEs: 1EXPL: 2

CVE-2013-2068 – RedHat CloudForms Management Engine 5.1 - agent/linuxpkgs Directory Traversal

https://notcve.org/view.php?id=CVE-2013-2068

Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the filename parameter to the (1) log, (2) upload, or (3) linuxpkgs method. Múltiples vulnerabilidades de recorrido de directorios en AgentController de Red Hat CloudForms Management Engine 2.0, permite a un atacante remoto crear y sobreescribir archivos a discrección a traés de un .. (punto punto) en el parámetro de nombre de archivo para (1) log, (2) upload, o (3) método linuxpgks • https://www.exploit-db.com/exploits/30469 http://rhn.redhat.com/errata/RHSA-2013-1206.html http://www.exploit-db.com/exploits/30469 https://bugzilla.redhat.com/show_bug.cgi?id=960422 https://access.redhat.com/security/cve/CVE-2013-2068 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2013-4172 – interface: Ruby code injection

https://notcve.org/view.php?id=CVE-2013-4172

The Red Hat CloudForms Management Engine 5.1 allow remote administrators to execute arbitrary Ruby code via unspecified vectors. Red Hat CloudForms Management Engine v5.1 permite a administradores remotos ejecutar código Ruby arbitrario a través de vectores no especificados. • http://rhn.redhat.com/errata/RHSA-2013-1157.html https://access.redhat.com/security/cve/CVE-2013-4172 https://bugzilla.redhat.com/show_bug.cgi?id=988644 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2012-5604

https://notcve.org/view.php?id=CVE-2012-5604

The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when using Active Directory for authentication, allows remote attackers to bypass authentication via unspecified vectors. La gema ldap_fluff para Ruby, tal y como se emplea en Red Hat CloudForms 1.1, cuando se emplea Active Directory para la autenticación, permite que atacantes remotos omitan la autenticación mediante vectores sin especificar. • http://rhn.redhat.com/errata/RHSA-2013-0544.html https://bugzilla.redhat.com/show_bug.cgi?id=882136 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 1

CVE-2012-6117 – Configserver: Passwords from application blueprint stored plaintext in configserver.log

https://notcve.org/view.php?id=CVE-2012-6117

Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file. Aeolus Configuration Server, como se usaba en Hat CloudForms Cloud Engine anterior a v1.1.2, usa permisos de lectura para todos en /var/log/aeolus-configserver/configserver.log, lo que permite que usuario locales lean contraseñas en texto plano mediante la lectura de un fichero de log. • http://rhn.redhat.com/errata/RHSA-2013-0545.html https://bugzilla.redhat.com/show_bug.cgi?id=875294 https://access.redhat.com/security/cve/CVE-2012-6117 https://bugzilla.redhat.com/show_bug.cgi?id=906201 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 1

CVE-2012-5509 – aeolus-configserver: aeolus-configserver-setup /tmp file conductor credentials leak

https://notcve.org/view.php?id=CVE-2012-5509

aeolus-configserver-setup in the Aeolas Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file. aeolus-configserver-setup en el Aeolas Configuration Server, como se usaba en Red Hat CloudForms Cloud Engine anterior a v1.1.2, usa permisos de lectura para todos en un fichero temporal en /tmp, lo que permite que usuarios locales lean credenciales mediante la lectura de dicho fichero. • http://rhn.redhat.com/errata/RHSA-2013-0545.html https://bugzilla.redhat.com/show_bug.cgi?id=875294 https://access.redhat.com/security/cve/CVE-2012-5509 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •