6348 matches found
Privilege Escalation
cobbler is vulnerable to privilege escalation. The vulnerability exists due to the lack of template sanitization in the checkforinvalidimports function of templar.py, allowing Cheetah code to import Python modules without permission...
GHSA-6CM4-GM85-972C Command Injection in Cobbler
An issue was discovered in Cobbler through 3.3.0. In the templar.py file, the function checkforinvalidimports can allow Cheetah code to import Python modules via the "from MODULE import" substring. Only lines beginning with import are blocked...
Improper Neutralization of Special Elements used in a Command ('Command Injection')
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function checkforinvalidimports can allow Cheetah code to import Python modules via the from MODULE import substring. Only lines beginning with import are blocked...
CVE-2021-45082
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function checkforinvalidimports can allow Cheetah code to import Python modules via the "from MODULE import" substring. Only lines beginning with import are blocked...
CVE-2021-45082
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function checkforinvalidimports can allow Cheetah code to import Python modules via the "from MODULE import" substring. Only lines beginning with import are blocked...
Design/Logic Flaw
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function checkforinvalidimports can allow Cheetah code to import Python modules via the "from MODULE import" substring. Only lines beginning with import are blocked...
CVE-2021-45082
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function checkforinvalidimports can allow Cheetah code to import Python modules via the "from MODULE import" substring. Only lines beginning with import are blocked...
PYSEC-2022-37
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function checkforinvalidimports can allow Cheetah code to import Python modules via the "from MODULE import" substring. Only lines beginning with import are blocked...
microweber 安全漏洞
Microweber is an online store management system from the US Microweber community that provides drag-and-drop functionality. The system includes modules for adding products, images, etc. Microweber has a security vulnerability, and no details of the vulnerability are available at this time...
CVE-2021-45082
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function checkforinvalidimports can allow Cheetah code to import Python modules via the "from MODULE import" substring. Only lines beginning with import are blocked...
Cobbler 命令注入漏洞
Cobbler is a network installation server suite that is primarily used to quickly set up Linux network installations. A command injection vulnerability exists in versions of Cobbler prior to 3.3.1, stemming from the checkforinvalidimports function in the templar.py file, which allows Cheetah code ...
Priceel CMS - Multiple Persistent Web Vulnerabilities
Document Title: =============== Priceel CMS - Multiple Persistent Web Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2297 Release Date: ============= 2022-02-18 Vulnerability Laboratory ID VL-ID: ==================================== 229...
Input validation
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter...
CVE-2022-25271
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter...
CVE-2022-25271
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter...
TrickBot Malware Targeted Customers of 60 High-Profile Companies Since 2020
The notorious TrickBot malware is targeting customers of 60 financial and technology companies, including cryptocurrency firms, primarily located in the U.S., even as its operators have updated the botnet with new anti-analysis features. "TrickBot is a sophisticated and versatile malware with mor...
[SECURITY] Fedora 35 Update: varnish-modules-0.18.0-5.fc35
This is a collection of modules "vmods" extending Varnish VCL used for describing HTTP request/response policies with additional capabilities. This collection contains the following vmods: bodyaccess, header, saintmode, tcp, var, vsthrottle, xkey...
Collect modules can fail on zero amount transfers if treasury fee is set to zero
Lines of code Vulnerability details Impact Treasury fee can be zero, while collect modules do attempt to send it in such a case anyway as there is no check in place. Some ERC20 tokens do not allow zero value transfers, reverting such attempts. This way, a combination of zero treasury fee and such...
Fedora: Security Advisory for varnish-modules (FEDORA-2022-2f14ec7663)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
GHSA-V4H8-794J-G8MM Arbitrary File Override in Docker Engine
Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules LSM and dockert policies via an image that allows volumes to override files in /proc...