6 matches found
Cobbler is vulnerable to code injection
templateapi.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a...
PT-2010-3833
Name of the Vulnerable Software and Affected Versions Cobbler versions prior to 2.0.7 Description The issue allows remote authenticated administrators to execute arbitrary code via a crafted kickstart template file. This is due to the template api.py file not disabling the ability of the Cheetah...
CVE-2009-3850
Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA...
Code injection
Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA...
DEBIAN-CVE-2009-3850
Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA...
CVE-2009-3850
Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA...