Page 8 of 49 results (0.017 seconds)

CVSS: 10.0EPSS: 3%CPEs: 6EXPL: 1

The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetch_boot_file. Smart-Proxy en Foreman anterior a 1.4.5 y 1.5.x anterior a 1.5.1 permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres de shell en el parámetro path en tftp/fetch_boot_file. • https://www.exploit-db.com/exploits/39222 http://projects.theforeman.org/issues/6086 http://rhn.redhat.com/errata/RHSA-2014-0770.html https://access.redhat.com/security/cve/CVE-2014-0007 https://bugzilla.redhat.com/show_bug.cgi?id=1105369 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

Foreman before 1.1 allows remote attackers to execute arbitrary code via a crafted YAML object to the (1) fact or (2) report import API. Foreman anterior a 1.1 permite a atacantes remotos ejecutar código arbitrario a través de un objeto YAML hacia la API (1) fact o (2) report import. • http://projects.theforeman.org/issues/2069 http://theforeman.org/security.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 3.6EPSS: 0%CPEs: 1EXPL: 0

The smart proxy in Foreman before 1.1 uses a umask set to 0, which allows local users to modify files created by the daemon via unspecified vectors. Smart Proxy en Foreman anterior a 1.1 utiliza un umask configurado a 0, lo que permite a usuarios locales modificar archivos creados por el demonio a través de vectores no especificados. • http://projects.theforeman.org/issues/1929 http://theforeman.org/security.html • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

The external node classifier (ENC) API in Foreman before 1.1 allows remote attackers to obtain the hashed root password via an API request. La API clasificador de nodos externos (ENC) en Foreman anterior a 1.1 permite a atacantes remotos obtener contraseñas root en hash a través de una solicitud API. • http://projects.theforeman.org/issues/2069 http://theforeman.org/security.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Foreman before 1.1 allows remote authenticated users to gain privileges via a (1) XMLHttpRequest or (2) AJAX request. Foreman anterior a 1.1 permite a usuarios remotos autenticados ganar privilegios a través de una solicitud (1) XMLHttpRequest o (2) AJAX. • http://theforeman.org/security.html • CWE-264: Permissions, Privileges, and Access Controls •