2 results (0.006 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 4

Cross-site scripting (XSS) vulnerability in crowbar_framework/app/views/support/index.html.haml in the Crowbar barclamp in Crowbar, possibly 1.4 and earlier, allows remote attackers to inject arbitrary web script or HTML via the file parameter to /utils. Vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en crowbar_framework/app/views/support/index.html, en el Crowbar barclamp en Crowbar, posiblemente v1.4 y anteriores, permite a atacantes remotos autenticados inyectar secuencias de comandos web o HTML a través del parámetro file para /utils • https://www.exploit-db.com/exploits/37690 http://www.openwall.com/lists/oss-security/2012/08/31/1 http://www.securityfocus.com/bid/55315 https://bugzilla.novell.com/show_bug.cgi?id=771840 https://github.com/SUSE-Cloud/barclamp-crowbar/commit/90e905b7668a1cc884fb70040f96c7a0a287de48 https://github.com/SUSE-Cloud/barclamp-crowbar/commit/a82ed926c6e3ba2b0cada213c35e4b00f34ea629 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 2

The Crowbar Ohai plugin (chef/cookbooks/ohai/files/default/plugins/crowbar.rb) in the Deployer Barclamp in Crowbar, possibly 1.4 and earlier, allows local users to execute arbitrary shell commands via vectors related to "insecure handling of tmp files" and predictable file names. El plugin Crowbar Ohai (chef/cookbooks/ohai/files/default/plugins/crowbar.rb) en el Deployer Barclamp en Crowbar, posiblemente v1.4 y anteriores, permite a usuarios locales ejecutar una shell mediante vectores relacionados con una manipulación insegura de ficheros temporales y nombres de fichero predecibles. • http://osvdb.org/84955 http://secunia.com/advisories/50442 http://www.openwall.com/lists/oss-security/2012/08/27/5 http://www.openwall.com/lists/oss-security/2012/08/27/7 http://www.securityfocus.com/bid/55240 https://bugzilla.novell.com/show_bug.cgi?id=774967 https://exchange.xforce.ibmcloud.com/vulnerabilities/78041 https://github.com/SUSE-Cloud/barclamp-deployer/commit/5ea8d4ddaa4cb1ce834d36889f0fe7ac0d617bc8 https://github.com/SUSE-Cloud/barclamp-deployer/commit/b6454268a067fc77ff5de82057b5b53 • CWE-264: Permissions, Privileges, and Access Controls •