11 matches found
EUVD-2024-39290
Malicious code in bioql PyPI...
CVE-2024-40645
FOG is a cloning/imaging/rescue suite/inventory management system. An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. The Rebranding feature has a check on the client banner image requiring it to be 650 pixels wide and 120...
CVE-2024-41954 FOG Weak file permissions
FOG is a cloning/imaging/rescue suite/inventory management system. The application stores plaintext service account credentials in the "/opt/fog/.fogsettings" file. This file is by default readable by all users on the host. By exploiting these credentials, a malicious user could create new accoun...
CVE-2024-41954
Summary: CVE-2024-41954 affects FOGProject. The vulnerable component is the /opt/fog/.fogsettings file, which stores plaintext service account credentials and is readable by all users on the host. Exploitation of these credentials could allow a malicious user to create new web-application account...
CVE-2024-41108 FOG Sensitive Information Disclosure
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. The hostinfo page has missing/improper access control since only the host's MAC address is required to obtain the configuration information. This data can only be retrieved if a task is pending on that...
CVE-2024-41108 FOG Sensitive Information Disclosure
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. The hostinfo page has missing/improper access control since only the host's MAC address is required to obtain the configuration information. This data can only be retrieved if a task is pending on that...
CVE-2024-40645 FOG Authenticated File Upload RCE
FOG is a cloning/imaging/rescue suite/inventory management system. An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. The Rebranding feature has a check on the client banner image requiring it to be 650 pixels wide and 120...
CVE-2024-40645 FOG Authenticated File Upload RCE
FOG is a cloning/imaging/rescue suite/inventory management system. An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. The Rebranding feature has a check on the client banner image requiring it to be 650 pixels wide and 120...
CVE-2024-40645
CVE-2024-40645 concerns the FOGProject cloning/imaging/rescue suite. The vulnerability stems from an improperly restricted file upload in the Rebranding feature: authenticated users can bypass checks (client banner image must be 650x120, but no extension checks) and abuse the upload to execute ar...
PT-2024-28963 · Fog · Fog
Name of the Vulnerable Software and Affected Versions: FOG versions prior to 1.5.10.41
Description: The issue is related to an improperly restricted file upload feature in FOG, a cloning/imaging/rescue suite/inventory management system. This allows authenticated users to execute arbitrary code on...
PT-2024-29266 · Fog · Fog
Name of the Vulnerable Software and Affected Versions: FOG versions prior to 1.5.10.41
Description: The hostinfo page in FOG has missing or improper access control, allowing configuration information to be obtained using only the host's MAC address, but only if a task is pending on that host...