Lucene search
+L

38 matches found

OSV
OSV
added 2013/03/20 4:55 p.m.2 views

DEBIAN-CVE-2013-2275

The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspecified vectors...

4CVSS6.9AI score0.02908EPSS
Exploits0References1
OSV
OSV
added 2013/03/20 4:55 p.m.3 views

DEBIAN-CVE-2013-1640

The 1 template and 2 inlinetemplate functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request...

9CVSS7.8AI score0.04927EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2012/12/04 7:24 p.m.8 views

puppet: authenticated clients allowed to delete arbitrary files on the puppet master

Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. dot dot in a...

3.5CVSS5.9AI score0.01882EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2012/12/04 7:24 p.m.6 views

puppet: authenticated clients allowed to read arbitrary files from the puppet master

Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request...

4CVSS5.9AI score0.01914EPSS
Exploits1References5
Prion
Prion
added 2012/08/06 4:55 p.m.26 views

Design/Logic Flaw

lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for lastrunreport.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file...

2.1CVSS6AI score0.00481EPSS
Exploits1References7Affected Software2
FreeBSD
FreeBSD
added 2012/07/10 12:0 a.m.47 views

puppet -- multiple vulnerabilities

puppet -- multiple vulnerabilities Arbitrary file read on the puppet master from authenticated clients high. It is possible to construct an HTTP get request from an authenticated client with a valid certificate that will return the contents of an arbitrary file on the Puppet master that the maste...

4.3CVSS6.2AI score0.02453EPSS
Exploits3References4
FreeBSD
FreeBSD
added 2012/07/05 12:0 a.m.39 views

puppet -- multiple vulnerabilities

puppet -- multiple vulnerabilities Arbitrary file read on the puppet master from authenticated clients high. It is possible to construct an HTTP get request from an authenticated client with a valid certificate that will return the contents of an arbitrary file on the Puppet master that the maste...

4.3CVSS5.9AI score0.02453EPSS
Exploits4References5
Gentoo Linux
Gentoo Linux
added 2012/03/06 12:0 a.m.40 views

Puppet: Multiple vulnerabilities

Background Puppet is a system configuration management tool written in Ruby. Description Multiple vulnerabilities have been discovered in Puppet. Please review the CVE identifiers referenced below for details. Impact A local attacker could gain elevated privileges, or access and modify arbitrary...

6.9CVSS7.1AI score0.02454EPSS
Exploits1
Ubuntu
Ubuntu
added 2011/09/29 1:51 a.m.58 views

USN-1217-1: Puppet vulnerability

Kristian Erik Hermansen discovered a directory traversal vulnerability in the SSLFile indirection base class. A remote attacker could exploit this to overwrite files with the privileges of the Puppet Master...

5CVSS5.3AI score0.01115EPSS
Exploits0
NVD
NVD
added 2009/03/30 8:30 p.m.20 views

CVE-2008-6557

cgi-bin/webutil.pl in The Puppet Master WebUtil 2.7 allows remote attackers to execute arbitrary commands via shell metacharacters in the details command...

10CVSS7.6AI score0.0317EPSS
Exploits1References5
NVD
NVD
added 2009/03/30 8:30 p.m.21 views

CVE-2008-6556

cgi-bin/webutil.pl in The Puppet Master WebUtil 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the whois command...

10CVSS7.6AI score0.0317EPSS
Exploits1References5
Prion
Prion
added 2009/03/30 8:30 p.m.17 views

Command injection

cgi-bin/webutil.pl in The Puppet Master WebUtil 2.7 allows remote attackers to execute arbitrary commands via shell metacharacters in the details command...

10CVSS8.2AI score0.0317EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2009/03/30 8:0 p.m.24 views

CVE-2008-6555

cgi-bin/webutil.pl in The Puppet Master WebUtil allows remote attackers to execute arbitrary commands via shell metacharacters in the dig command...

7.6AI score0.04457EPSS
Exploits1References4
CVE
CVE
added 2009/03/30 8:0 p.m.42 views

CVE-2008-6556

CVE-2008-6556 affects The Puppet Master WebUtil 2.3 via cgi-bin/webutil.pl . The vulnerability allows remote attackers to execute arbitrary commands by supplying shell metacharacters in the whois parameter. The root cause is improper handling of user-supplied input in the whois command, enabling ...

10CVSS7.9AI score0.0317EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2009/03/30 8:0 p.m.53 views

CVE-2008-6557

CVE-2008-6557 describes a remote command execution vulnerability in The Puppet Master WebUtil 2.7, caused by shell metacharacters in the details command processed by cgi-bin/webutil.pl. Affected component: WebUtil 2.7; root cause: unsafe handling of shell metacharacters allowing arbitrary command...

10CVSS7.9AI score0.0317EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2009/03/30 8:0 p.m.49 views

CVE-2008-6555

CVE-2008-6555 affects the WebUtil component in The Puppet Master, specifically the cgi-bin/webutil.pl script. The vulnerability allows remote attackers to execute arbitrary commands via shell metacharacters in the dig command, enabling full compromise of affected systems reachable over the networ...

10CVSS7.9AI score0.04457EPSS
Exploits1References4Affected Software1
securityvulns
securityvulns
added 2008/03/22 12:0 a.m.47 views

webutil.pl is still vulnerable against Remote Command Execution.

Webutil is a collection of networking tools by "The Puppet Master". Access the following url and type in the form field "$cat$IFS/etc/passwd": http://server/cgi-bin/webutil.pl?dig http://server/cgi-bin/webutil.pl?whois Version 2.3 only Type in the following url Version 2.7 only:...

2.6AI score
Exploits0
Packet Storm
Packet Storm
added 2008/03/21 12:0 a.m.21 views

webutil-exec.txt

Webutil is a collection of networking tools by "The Puppet Master". Access the following url and type in the form field "$cat$IFS/etc/passwd": http://server/cgi-bin/webutil.pl?dig http://server/cgi-bin/webutil.pl?whois Version 2.3 only Type in the following url Version 2.7 only:...

7.4AI score
Exploits0
Rows per page
Query Builder