9 matches found
CVE-2017-1000225
Reflected XSS in Relevanssi Premium version 1.14.8 when using relevanssi_didyoumean() could allow an unauthenticated attacker to do almost anything an admin can...
Linux Distros Unpatched Vulnerability : CVE-2018-1000225
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable...
RHEL 8 : cobbler (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - cobbler: XMLRPC API endpoints are not correctly validating security tokens (CVE-2018-1000226) - Cobbler...
RHEL 8 : cobbler (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - cobbler: XMLRPC API endpoints are not correctly validating security tokens (CVE-2018-1000226) - Cobbler...
CVE-2016-1000225
The connected advisories identify a SQL Injection vulnerability in Sequelize involving models with the GEOMETRY DataType and GeoJSON handling. Specifically, unescaped single quotes in GeoJSON documents processed by ST_GeomFromGeoJSON (and GeomFromText for MySQL) allow injection in affected models...
openSUSE: Security Advisory for cobbler (openSUSE-SU-2018:2590-1)
The remote host is missing an update for the...
Security update for cobbler (important)
This update for cobbler fixes the following issues: Security issues fixed: - Forbid exposure of private methods in the API CVE-2018-10931, CVE-2018-1000225, bsc1104287, bsc1104189, bsc1105442 - Check access token when calling 'modifysetting' API endpoint bsc1104190, bsc1105440, CVE-2018-1000226...
CVE-2018-1000225
CVE-2018-1000225 is an XSS vulnerability in Cobbler’s web interface (cobbler-web) that can escalate privileges to admin. Technical details in the sources indicate the issue affects Cobbler versions at least as early as 2.0.0+ and is present in 2.6.11+ according to the description. The exploit pat...
CVE-2017-1000225
CVE-2017-1000225 concerns a reflected XSS in Relevanssi Premium 1.14.8 for WordPress when using relevanssi_didyoumean(). The flaw could allow an unauthenticated attacker to perform almost anything an admin can. Affected component is the Relevanssi Premium plugin; root cause is reflected XSS. The...