CVE-2013-2068 – RedHat CloudForms Management Engine 5.1 - agent/linuxpkgs Directory Traversal
https://notcve.org/view.php?id=CVE-2013-2068
Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the filename parameter to the (1) log, (2) upload, or (3) linuxpkgs method.
• https://www.exploit-db.com/exploits/30469 http://rhn.redhat.com/errata/RHSA-2013-1206.html http://www.exploit-db.com/exploits/30469 https://bugzilla.redhat.com/show_bug.cgi?id=960422 https://access.redhat.com/security/cve/CVE-2013-2068
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-4172 – interface: Ruby code injection
https://notcve.org/view.php?id=CVE-2013-4172
The Red Hat CloudForms Management Engine 5.1 allows remote administrators to execute arbitrary Ruby code via unspecified vectors.
• http://rhn.redhat.com/errata/RHSA-2013-1157.html https://access.redhat.com/security/cve/CVE-2013-4172 https://bugzilla.redhat.com/show_bug.cgi?id=988644
• CWE-94: Improper Control of Generation of Code ('Code Injection')
• CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')