
CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors.

• http://rhn.redhat.com/errata/RHSA-2014-0215.html
• http://secunia.com/advisories/57376
• https://bugzilla.redhat.com/show_bug.cgi?id=1064140
• https://access.redhat.com/security/cve/CVE-2014-0057
• CWE-94: Improper Control of Generation of Code ('Code Injection')
• CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

CVSS: 6.8 | EPSS: 0% | CPEs: 3 | EXPL: 0

CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a destructive action in a request.

• http://rhn.redhat.com/errata/RHSA-2014-0025.html
• http://www.securitytracker.com/id/1029606
• https://access.redhat.com/security/cve/CVE-2013-6443
• https://bugzilla.redhat.com/show_bug.cgi?id=1044178
• CWE-352: Cross-Site Request Forgery (CSRF)