Openstack Compute (Nova) Denial of service via network request that triggers large number of iptables rules
OpenStack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number of iptables rules...
GHSA-W7H9-8WR4-HWQH OpenStack Horizon Session Fixation
Session fixation vulnerability in OpenStack Dashboard Horizon folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie...
Perforce P4web Cross-Site Scripting Vulnerability (CNVD-2020-13886)
Perforce is a version control software and Perforce P4web is a client software. A cross-site scripting vulnerability exists in Perforce P4web versions 2011.1 and 2012.1. The vulnerability stems from a failure of the web application to properly validate client-side data. An attacker could exploit...
CVE-2013-1410
Perforce P4web 2011.1 and 2012.1 has multiple XSS vulnerabilities...
CVE-2011-3147 qcow format could expose host filesystem information
Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem...
PT-2013-2160 · Openstack · Openstack Glance
Name of the Vulnerable Software and Affected Versions: OpenStack Glance versions 2012.1, 2012.2 before 2012.2.3, and 2012.2.3 and earlier of Grizzly Description: The issue allows remote authenticated users to obtain sensitive information by reading error messages. This occurs when the Swift...
Perforce P4web 2011/2012 Web Client XSS Vulnerability
Exploit for php platform in category web applications Exploit Title: Perforce P4web 2011/2012 Web Client XSS Vulnerability Date: 21 Jan 2013 Researcher: Christy Philip Mathew Email: email protected Vendor or Software Link: http://filehost.perforce.com/perforce/r11.1/bin.ntx86/p4webinst.exe...
Open redirect
Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by...
CVE-2012-3540
The CVE-2012-3540 issue is an open redirect flaw in OpenStack Horizon Essex (2012.1) affecting the login flow. The vulnerability occurs in views/auth_forms.py (auth/login/) where a next parameter can redirect victims to arbitrary sites, enabling phishing after login. Affected Horizon versions req...
PT-2012-4796 · Openstack · Openstack Keystone +1
Name of the Vulnerable Software and Affected Versions: OpenStack Keystone versions prior to folsom-rc1 OpenStack Essex 2012.1 Description: The issue allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API...
CVE-2012-3447
virt/disk/api.py in OpenStack Compute Nova 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. NOTE: this vulnerability exists because of an...
Fedora 17 : openstack-nova-2012.1-10.fc17 (2012-9550)
bug fixes and performance improvements from stable essex - fix an exception caused by the fix for CVE-2012-2654 - fix the encoding of the dnsdomains table requires a db sync - fix a crash due to a nova services startup race 825051 - Fix for protocol case handling CVE-2012-2654 Note that Tenable...
CVE-2012-2101
OpenStack Compute (Nova) in Folsom, 2012.1, and 2011.3, is vulnerable because it does not cap the number of security group rules. This allows remote authenticated users with certain permissions to trigger a denial of service by issuing a network request that creates a large number of iptables rul...
DEBIAN-CVE-2012-2094
Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console...
PYSEC-2012-33
Session fixation vulnerability in OpenStack Dashboard Horizon folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie...
CVE-2012-2144
Session fixation vulnerability in OpenStack Dashboard Horizon folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie...
CVE-2012-2144
CVE-2012-2144 : Session fixation in OpenStack Horizon (folsom-1 and 2012.1) allows remote attackers to hijack web sessions via the sessionid cookie. Vulnerable component: Horizon UI. Impact: session hijacking via cookie manipulation. Root cause: session fixation through sessionid handling as desc...
Fedora 17 : python-django-horizon-2012.1-3.fc17 (2012-7369)
Fixes session hijack vulnerability. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.