96 matches found
CVE-2014-0137
CFME/CloudForms contains an SQL injection in the saved_report_delete action of the ReportController (MiqReportResult.exists) that can be exploited by an authenticated remote user. Affected versions: Red Hat CloudForms Management Engine prior to 5.2.3.2. Reported remediation: upgrade to 5.2.3.2 or...
PT-2014-3495 · Red Hat · Red Hat Cloudforms Management Engine
Name of the Vulnerable Software and Affected Versions: Red Hat CloudForms Management Engine CFME versions prior to 5.2.3.2 Description: The issue allows remote authenticated users to execute arbitrary SQL commands. This is related to the MiqReportResult.exists function in the ReportController...
PT-2014-3466 · Red Hat · Red Hat Cloudforms Management Engine
Name of the Vulnerable Software and Affected Versions: Red Hat CloudForms Management Engine CFME versions prior to 5.2.3.2 Description: The issue allows remote authenticated users to delete arbitrary catalogs by guessing the catalog ID, specifically targeting the CatalogController. Recommendation...
CFME: ReportController SQL injection
SQL injection vulnerability in the savedreportdelete action in the ReportController in Red Hat CloudForms Management Engine CFME before 5.2.3.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to MiqReportResult.exists...
CFME: multiple authorization bypass vulnerabilities in CatalogController
The CatalogController in Red Hat CloudForms Management Engine CFME before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID...
Important: Red Hat Security Advisory: cfme security, bug fix, and enhancement update
Updated cfme packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat CloudForms 3.0. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, whi...
CFME: Dangerous send in ServiceController
The xbutton method in the ServiceController vmdb/app/controllers/servicecontroller.rb in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors...
Moderate: Red Hat Security Advisory: cfme security, bug fix, and enhancement update
Updated cfme packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat CloudForms 3.0. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which giv...
RedHat CloudForms Management Engine 5.1 - agent/linuxpkgs Directory Traversal (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Red Hat CloudForms Management Engine 5.1 agent/linuxpkgs Path Traversal', 'Description' = %q This module exploits a path traversal...
Red Hat CloudForms Management Engine 5.1 agent/linuxpkgs Path Traversal
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Red Hat CloudForms Management Engine 5.1 agent/linuxpkgs Path Traversal', 'Description' = %q This module exploits a path traversal...
Red Hat CloudForms Management Engine 5.1 miq_policy/explorer SQL Injection
This module exploits a SQL injection vulnerability in the "explorer" action of "miqpolicy" controller of the Red Hat CloudForms Management Engine 5.1 ManageIQ Enterprise Virtualization Manager 5.0 and earlier by changing the password of the target account to the specified password. This module...
CVE-2013-2068
Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. dot dot in the filename parameter to the 1 log, 2 upload, or 3 linuxpkgs method...
Directory traversal
Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. dot dot in the filename parameter to the 1 log, 2 upload, or 3 linuxpkgs method...
cfme: CFME 2.0 multiple zip file upload path traversal vulnerabilities
Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. dot dot in the filename parameter to the 1 log, 2 upload, or 3 linuxpkgs method...
Critical: Red Hat Security Advisory: Red Hat CloudForms Management Engine security update
The RHSA-2013:1157 update for Red Hat CloudForms Management Engine included an additional fix that was not documented in the erratum. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...
interface: Ruby code injection
The Red Hat CloudForms Management Engine 5.1 allow remote administrators to execute arbitrary Ruby code via unspecified vectors...