
96 matches found

CVE
added 2014/05/14 7:0 p.m. · 57 views

CVE-2014-0137

CFME/CloudForms contains an SQL injection in the saved_report_delete action of the ReportController (MiqReportResult.exists) that can be exploited by an authenticated remote user. Affected versions: Red Hat CloudForms Management Engine prior to 5.2.3.2. Reported remediation: upgrade to 5.2.3.2 or...

CVSS 6.5 · AI score 8.2 · EPSS 0.0143
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2014/05/14 12:0 a.m. · 4 views

PT-2014-3495 · Red Hat · Red Hat Cloudforms Management Engine

Name of the Vulnerable Software and Affected Versions: Red Hat CloudForms Management Engine (CFME) versions prior to 5.2.3.2. Description: The issue allows remote authenticated users to execute arbitrary SQL commands. This is related to the MiqReportResult.exists function in the ReportController...

CVSS 6.5 · AI score 7.3 · EPSS 0.0143
Exploits 0 · References 2

Positive Technologies
added 2014/05/14 12:0 a.m. · 5 views

PT-2014-3466 · Red Hat · Red Hat Cloudforms Management Engine

Name of the Vulnerable Software and Affected Versions: Red Hat CloudForms Management Engine (CFME) versions prior to 5.2.3.2. Description: The issue allows remote authenticated users to delete arbitrary catalogs by guessing the catalog ID, specifically targeting the CatalogController. Recommendation...

CVSS 4 · AI score 6.3 · EPSS 0.01019
Exploits 0 · References 3

RedHat Linux
added 2014/05/12 6:12 p.m. · 3 views

CFME: ReportController SQL injection

SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to MiqReportResult.exists...

CVSS 6.5 · AI score 6.2 · EPSS 0.0143
Exploits 0 · References 4

RedHat Linux
added 2014/05/12 6:12 p.m. · 2 views

CFME: multiple authorization bypass vulnerabilities in CatalogController

The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID...

CVSS 4 · AI score 5.9 · EPSS 0.01019
Exploits 0 · References 4

RedHat Linux
added 2014/05/12 6:12 p.m. · 80 views

Important: Red Hat Security Advisory: cfme security, bug fix, and enhancement update

Updated cfme packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat CloudForms 3.0. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, whi...

CVSS 6.5 · AI score 7.5 · EPSS 0.06666
Exploits 7 · References 13

RedHat Linux
added 2014/03/11 4:56 p.m. · 3 views

CFME: Dangerous send in ServiceController

The xbutton method in the ServiceController (vmdb/app/controllers/servicecontroller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors...

CVSS 7.5 · AI score 6.1 · EPSS 0.01587
Exploits 0 · References 4

RedHat Linux
added 2014/01/14 7:16 p.m. · 41 views

Moderate: Red Hat Security Advisory: cfme security, bug fix, and enhancement update

Updated cfme packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat CloudForms 3.0. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which giv...

CVSS 6.8 · AI score 5.9 · EPSS 0.00602
Exploits 0 · References 3

Exploit DB
added 2013/12/24 12:0 a.m. · 32 views

RedHat CloudForms Management Engine 5.1 - agent/linuxpkgs Directory Traversal (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Red Hat CloudForms Management Engine 5.1 agent/linuxpkgs Path Traversal', 'Description' = %q This module exploits a path traversal...

CVSS 9.4 · AI score 7.4 · EPSS 0.58624
Exploits 4

Packet Storm
added 2013/12/23 12:0 a.m. · 44 views

Red Hat CloudForms Management Engine 5.1 agent/linuxpkgs Path Traversal

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Red Hat CloudForms Management Engine 5.1 agent/linuxpkgs Path Traversal', 'Description' = %q This module exploits a path traversal...

CVSS 9.4 · AI score 6.7 · EPSS 0.58624
Exploits 4

Metasploit
added 2013/12/09 6:49 p.m. · 62 views

Red Hat CloudForms Management Engine 5.1 miq_policy/explorer SQL Injection

This module exploits a SQL injection vulnerability in the "explorer" action of the "miq_policy" controller of the Red Hat CloudForms Management Engine 5.1 (ManageIQ Enterprise Virtualization Manager 5.0 and earlier) by changing the password of the target account to the specified password. This module...

CVSS 7.5 · AI score 8.2 · EPSS 0.15659
Exploits 3

NVD
added 2013/09/28 7:55 p.m. · 61 views

CVE-2013-2068

Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the filename parameter to the (1) log, (2) upload, or (3) linuxpkgs method...

CVSS 9.4 · AI score 6.9 · EPSS 0.58624
Exploits 4 · References 3

Prion
added 2013/09/28 7:55 p.m. · 21 views

Directory traversal

Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the filename parameter to the (1) log, (2) upload, or (3) linuxpkgs method...

CVSS 9.4 · AI score 7.4 · EPSS 0.58624
Exploits 4 · References 3 · Affected Software 1

RedHat Linux
added 2013/09/04 6:7 p.m. · 3 views

cfme: CFME 2.0 multiple zip file upload path traversal vulnerabilities

Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the filename parameter to the (1) log, (2) upload, or (3) linuxpkgs method...

CVSS 9.4 · AI score 6 · EPSS 0.58624
Exploits 4 · References 4

RedHat Linux
added 2013/09/04 6:7 p.m. · 33 views

Critical: Red Hat Security Advisory: Red Hat CloudForms Management Engine security update

The RHSA-2013:1157 update for Red Hat CloudForms Management Engine included an additional fix that was not documented in the erratum. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a...

CVSS 9.4 · AI score 6 · EPSS 0.58624
Exploits 4 · References 5

RedHat Linux
added 2013/08/19 4:46 p.m. · 3 views

interface: Ruby code injection

The Red Hat CloudForms Management Engine 5.1 allows remote administrators to execute arbitrary Ruby code via unspecified vectors...

CVSS 8.5 · AI score 6.2 · EPSS 0.01255
Exploits 0 · References 4