Lucene search
K

4 matches found

GitLab Advisory Database
GitLab Advisory Database
added 2022/05/17 12:0 a.m.27 views

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2012-2395 cobbler: command injection flaw in the power management XML-RPC API...

7.5CVSS4.1AI score0.05555EPSS
Exploits1References9Affected Software1
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.34 views

openSUSE Security Update : cobbler (openSUSE-SU-2012:0655-1)

The xmlrpc interface of cobbler was prone to command injectoin %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-296. The text description of this plugin is C SUSE LLC...

7.5CVSS9.4AI score0.05555EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2012/06/16 12:55 a.m.26 views

CVE-2012-2395

Incomplete blacklist vulnerability in actionpower.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 username or 2 password fields to the powersystem method in the xmlrpc API...

7.5CVSS7.5AI score0.05555EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2012/06/07 12:0 a.m.61 views

Cobbler xmlrpc API power_system Method Remote Shell Command Execution

According to its self-reported version, the Cobbler install on the remote host is affected by a command injection vulnerability that can be exploited by sending a specially crafted username or password argument to the 'powersystem' method. Successful exploitation requires an authenticated user an...

7.5CVSS8.3AI score0.05555EPSS
Exploits1References4
Rows per page
Query Builder