7 matches found
EUVD-2022-4717
Malicious code in bioql PyPI...
SUSE CVE-2008-6954
The web interface CobblerWeb in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules...
Cobbler Web Interface Kickstart Template Remote Privilege Escalation Vulnerability
The web interface CobblerWeb in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code with the root privileges in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules...
GHSA-P8W2-F44P-FMCJ Cobbler Web Interface Kickstart Template Remote Privilege Escalation Vulnerability
The web interface CobblerWeb in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code with the root privileges in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules...
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The web interface CobblerWeb in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules...
Code injection
The web interface CobblerWeb in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules...
CVE-2008-6954
CVE-2008-6954 affects CobblerWeb in Cobbler before 1.2.9, where the Cheetah template engine can execute Python statements embedded in kickstart templates. This enables remote authenticated users to run arbitrary Python code in cobblerd, effectively compromising the server. The vulnerability stems...