
CVSS: 7.5 | EPSS: 0% | CPEs: 59 | EXPL: 0

Cobbler before 1.6.1 does not properly determine whether an installation has the default password, which makes it easier for attackers to obtain access by using this password.

• http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz
• https://exchange.xforce.ibmcloud.com/vulnerabilities/64734

• CWE-255: Credentials Management Errors

CVSS: 8.5 | EPSS: 0% | CPEs: 82 | EXPL: 0

template_api.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a crafted kickstart template file, a different vulnerability than CVE-2008-6954.

• http://people.fedoraproject.org/~shenson/cobbler/cobbler-2.0.8.tar.gz
• http://www.redhat.com/support/errata/RHSA-2010-0775.html
• https://bugzilla.redhat.com/show_bug.cgi?id=607662
• https://access.redhat.com/security/cve/CVE-2010-2235

• CWE-94: Improper Control of Generation of Code ('Code Injection')
• CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')