Lucene search
PRIOn knowledge basePRION:CVE-2012-2395HistoryJun 16, 2012 - 12:55 a.m.
Input validation
2012-06-1600:55:00
PRIOn knowledge base
www.prio-n.com
4
Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the power_system method in the xmlrpc API.
References
lists.opensuse.org/opensuse-security-announce/2012-05/msg00016.html
lists.opensuse.org/opensuse-security-announce/2012-07/msg00000.html
www.openwall.com/lists/oss-security/2012/05/23/18
www.openwall.com/lists/oss-security/2012/05/23/4
www.osvdb.org/82458
www.securityfocus.com/bid/53666
bugs.launchpad.net/ubuntu/+source/cobbler/+bug/978999
github.com/cobbler/cobbler/commit/6d9167e5da44eca56bdf42b5776097a6779aaadf
github.com/cobbler/cobbler/issues/141
Related
suse
suse
update for cobbler (important)
2012-05-29 15:08:19
Security update for cobbler (important)
2012-07-03 16:08:22
Security update for cobbler (moderate)
2021-01-11 00:00:00
openvas
openvas
openSUSE: Security Advisory for update (openSUSE-SU-2012:0655-1)
2012-12-13 00:00:00
SuSE Update for update openSUSE-SU-2012:0655-1 (update)
2012-12-13 00:00:00
Cobbler 2.2.0 Command Injection Vulnerability
2012-07-12 00:00:00
nessus
nessus
openSUSE Security Update : cobbler (openSUSE-SU-2012:0655-1)
2014-06-13 00:00:00
RHEL 5 / 6 : cobbler (RHSA-2012:1060)
2013-01-24 00:00:00
Cobbler xmlrpc API power_system Method Remote Shell Command Execution
2012-06-07 00:00:00
gitlab
gitlab
osv
osv
Cobbler subject to Command Injection
2022-05-17 05:27:39
cvelist
cvelist
CVE-2012-2395
2012-06-16 00:00:00
redhat
redhat
(RHSA-2012:1060) Moderate: cobbler security update
2012-07-09 00:00:00
nvd
nvd
CVE-2012-2395
2012-06-16 00:55:07
ubuntucve
ubuntucve
CVE-2012-2395
2012-06-16 00:00:00
cve
cve
CVE-2012-2395
2012-06-16 00:55:07
github
github
Cobbler subject to Command Injection
2022-05-17 05:27:39