195 matches found
Pulp CA Key Read Vulnerability
Pulp is a free and open source platform for managing repositories of content. A key-read vulnerability exists in Pulp's pulp-gen-ca-certificate script, which creates a private key in a globally readable file. A local attacker could exploit the vulnerability to read...
CVE-2013-4455
Katello Installer before 0.0.18 uses world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a child Pulp node, which allows local users to obtain the private key by reading the file...
Design/Logic Flaw
Katello Installer before 0.0.18 uses world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a child Pulp node, which allows local users to obtain the private key by reading the file...
CVE-2012-4574
Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file...
CVE-2012-3538
Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log...
Default credentials
Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file...
Code injection
Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log...
CVE-2012-4574
CVE-2012-4574 affects Red Hat CloudForms with the Pulp component. The issue arises because the Pulp configuration file, pulp.conf, was installed with world-readable permissions, allowing local users to read the administrative password. The RHSA-2012:1543 update for CloudForms System Engine 1.1 fi...
CVE-2012-3538
CVE-2012-3538 affects Red Hat CloudForms (System Engine) 1.1 and is caused by Pulp logging administrative passwords to a world-readable log file (production.log). This local, file-based disclosure allows a user with access to the log to read administrative credentials and potentially take control...
katello: pulp admin password logged in plaintext in world-readable katello/production.log
Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log...
Important: Red Hat Security Advisory: CloudForms System Engine 1.1 update
Updated CloudForms System Engine packages that fix multiple security issues, several bugs, and add enhancements are now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detaile...
Site By Electric Pulp Web Site SQL Injection
Site By Electric Pulp Web Site SQL injection Exploit Title: Site By Electric Pulp Web Site SQL injection Vulnerability Date: 08/01/2012 - 16:37 Author: KatiLhacker Software Website: www.electricpulp.com/ Tested On: BackTrack 5 - Win7 Ultimate Platform: PHP $ Dorks: "inurl:"index.php?newsid=" $ De...