CVE-2014-3496 – Origin: Command execution as root via downloadable cartridge source-url
https://notcve.org/view.php?id=CVE-2014-3496
cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file. cartridge_repository.rb en OpenShift Origin and Enterprise 1.2.8 hasta 2.1.1 permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres de shell en una Url de fuente que termina con una extensión de fichero (1) .tar.gz, (2) .zip, (3) .tgz o (4) .tar en un fichero del manifiesto de cartuchos. • http://rhn.redhat.com/errata/RHSA-2014-0762.html http://rhn.redhat.com/errata/RHSA-2014-0763.html http://rhn.redhat.com/errata/RHSA-2014-0764.html http://secunia.com/advisories/59298 https://bugzilla.redhat.com/show_bug.cgi?id=1110470 https://github.com/openshift/origin-server/pull/5521 https://access.redhat.com/security/cve/CVE-2014-3496 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2014-0233 – OpenShift: downloadable cartridge source url file command execution as root
https://notcve.org/view.php?id=CVE-2014-0233
Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme. Red Hat OpenShift Enterprise 2.0 y 2.1 y OpenShift Origin permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de meta-caracteres de shell en el nombre del directorio referenciado por un cartucho (cartridge), usando el fichero : URI scheme. • http://rhn.redhat.com/errata/RHSA-2014-0529.html http://rhn.redhat.com/errata/RHSA-2014-0530.html https://bugzilla.redhat.com/show_bug.cgi?id=1096955 https://access.redhat.com/security/cve/CVE-2014-0233 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2014-1869 – stapler-adjunct-zeroclipboard: multiple cross-site scripting (XSS) flaws
https://notcve.org/view.php?id=CVE-2014-1869
Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters). Múltiples vulnerabilidades de XSS en ZeroClipboard.swf en ZeroClipboard anterior a 1.3.2, mantenido por Jon Rohan y James M. Greene, permiten a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores relacionados con ciertos parámetros de consulta SWF (también conocido como loaderInfo.parameters). • http://secunia.com/advisories/56821 http://www.securityfocus.com/bid/65484 https://access.redhat.com/errata/RHSA-2016:0070 https://exchange.xforce.ibmcloud.com/vulnerabilities/91085 https://github.com/zeroclipboard/zeroclipboard/commit/2f9eb9750a433965572d047e24b0fc78fd1415ca https://github.com/zeroclipboard/zeroclipboard/pull/335 https://github.com/zeroclipboard/zeroclipboard/releases/tag/v1.3.2 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 https://access.redhat.com/security& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-2186 – commons-fileupload: Arbitrary file upload via deserialization
https://notcve.org/view.php?id=CVE-2013-2186
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance. La clase DiskFileItem en Apache Commons FileUpload, tal como se utiliza en Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2 y 6.0.0; y Red Hat JBoss Web Server 1.0.2 permite a atacantes remotos escribir en archivos arbitrarios a través de un byte NULL en un nombre de archivo en una instancia serializada. • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00008.html http://lists.opensuse.org/opensuse-updates/2013-10/msg00033.html http://lists.opensuse.org/opensuse-updates/2013-10/msg00050.html http://rhn.redhat.com/errata/RHSA-2013-1428.html http://rhn.redhat.com/errata/RHSA-2013-1429.html http://rhn.redhat.com/errata/RHSA-2013-1430.html http://rhn.redhat.com/errata/RHSA-2013-1442.html http://rhn.redhat.com/errata/RHSA-2013-1448.html http://secunia.com/advis • CWE-20: Improper Input Validation CWE-626: Null Byte Interaction Error (Poison Null Byte) •