5 matches found
PT-2024-31669 · Misp · Misp
Name of the Vulnerable Software and Affected Versions: MISP versions 2.4.196 and earlier Description: The issue concerns improper access restriction to bookmarks data in MISP when the user is not an org admin, specifically within the app/Controller/BookmarksController.php file. Recommendations: F...
Arbitrary Code Execution
The Foreman is vulnerable to arbitrary code execution due to a flaw in the create method of the Foreman Bookmarks controller. Any user who can create a bookmark can execute malicious code with the privileges of the user running Foreman, giving them control of the system running Foreman and...
CVE-2013-2121
Foreman (Red Hat OpenStack/Satellite) CVE-2013-2121 is an eval injection in the create action of the bookmarks controller. Before 1.2.0-RC2, remote authenticated users with bookmark-creation permissions can execute arbitrary code via a controller name attribute. Public references note code inject...
Foreman (Red Hat OpenStack/Satellite) Code Injection Vulnerability
This Metasploit module exploits a code injection vulnerability in the 'create' action of 'bookmarks' controller of Foreman and Red Hat OpenStack/Satellite Foreman 1.2.0-RC1 and earlier. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions...
Foreman (Red Hat OpenStack/Satellite) bookmarks/create Code Injection
This module exploits a code injection vulnerability in the 'create' action of 'bookmarks' controller of Foreman and Red Hat OpenStack/Satellite Foreman 1.2.0-RC1 and earlier. This module requires Metasploit: https://metasploit.com/download Current source:...