4 matches found
Cobbler subject to Command Injection
A Command Injection in action_power.py in Cobbler prior to v2.6.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the power_system method in the xmlrpc API...
GHSA-G34C-MG6M-XVXJ Cobbler subject to Command Injection
A Command Injection in action_power.py in Cobbler prior to v2.6.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the power_system method in the xmlrpc API...
CVE-2012-2395
Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the power_system method in the xmlrpc API...
CVE-2012-2395
CVE-2012-2395 corresponds to a command-injection flaw in Cobbler's XML-RPC power_system API (action_power.py). The root cause is an incomplete blacklist allowing shell metacharacters in the username or password fields, enabling remote command execution. The CVE affected Cobbler 2.2.0, with an NVD ...