4 matches found
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2012-2395 cobbler: command injection flaw in the power management XML-RPC API...
openSUSE Security Update : cobbler (openSUSE-SU-2012:0655-1)
The xmlrpc interface of cobbler was prone to command injectoin %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-296. The text description of this plugin is C SUSE LLC...
CVE-2012-2395
Incomplete blacklist vulnerability in actionpower.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 username or 2 password fields to the powersystem method in the xmlrpc API...
Cobbler xmlrpc API power_system Method Remote Shell Command Execution
According to its self-reported version, the Cobbler install on the remote host is affected by a command injection vulnerability that can be exploited by sending a specially crafted username or password argument to the 'powersystem' method. Successful exploitation requires an authenticated user an...