Lucene search
RedhatCVELIST:CVE-2012-2395HistoryJun 16, 2012 - 12:00 a.m.
CVE-2012-2395
2012-06-1600:00:00
redhat
www.cve.org
4
Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the power_system method in the xmlrpc API.
References
lists.opensuse.org/opensuse-security-announce/2012-05/msg00016.html
lists.opensuse.org/opensuse-security-announce/2012-07/msg00000.html
www.openwall.com/lists/oss-security/2012/05/23/18
www.openwall.com/lists/oss-security/2012/05/23/4
www.osvdb.org/82458
www.securityfocus.com/bid/53666
bugs.launchpad.net/ubuntu/+source/cobbler/+bug/978999
github.com/cobbler/cobbler/commit/6d9167e5da44eca56bdf42b5776097a6779aaadf
github.com/cobbler/cobbler/issues/141
Related
nessus
nessus
RHEL 5 / 6 : cobbler (RHSA-2012:1060)
2013-01-24 00:00:00
openSUSE Security Update : cobbler (openSUSE-SU-2012:0655-1)
2014-06-13 00:00:00
Cobbler xmlrpc API power_system Method Remote Shell Command Execution
2012-06-07 00:00:00
openvas
openvas
SuSE Update for update openSUSE-SU-2012:0655-1 (update)
2012-12-13 00:00:00
Cobbler 2.2.0 Command Injection Vulnerability
2012-07-12 00:00:00
openSUSE: Security Advisory for update (openSUSE-SU-2012:0655-1)
2012-12-13 00:00:00
gitlab
gitlab
suse
suse
Security update for cobbler (important)
2012-07-03 16:08:22
update for cobbler (important)
2012-05-29 15:08:19
Security update for cobbler (moderate)
2021-01-14 00:00:00
prion
prion
Input validation
2012-06-16 00:55:00
osv
osv
Cobbler subject to Command Injection
2022-05-17 05:27:39
cobbler-2.6.6-4.2 on GA media
2024-06-15 00:00:00
redhat
redhat
(RHSA-2012:1060) Moderate: cobbler security update
2012-07-09 00:00:00
nvd
nvd
CVE-2012-2395
2012-06-16 00:55:07
ubuntucve
ubuntucve
CVE-2012-2395
2012-06-16 00:00:00
github
github
Cobbler subject to Command Injection
2022-05-17 05:27:39
cve
cve
CVE-2012-2395
2012-06-16 00:55:07