78 matches found
EUVD-2012-5454
Malware in sbrugna...
SUSE CVE-2012-5562
A flaw was found in rhn-proxy. This vulnerability may allow the rhn-proxy to transmit user credentials in clear-text when it accesses RHN Satellite. This could lead to information disclosure, where sensitive authentication details are exposed to unauthorized parties...
SUSE CVE-2013-1871
Cross-site scripting XSS vulnerability in account/EditAddress.do in Spacewalk and Red Hat Network RHN Satellite 5.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter...
SUSE CVE-2014-8162
XML external entity XXE in the RPC interface in Spacewalk and Red Hat Network RHN Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors...
Improper Control of Generation of Code ('Code Injection')
CVE-2010-2235 RHN Satellite cobbler: Code injection flaw ACE as root by processing of a specially-crafted kickstart template file...
Denial Of Service (DoS)
spacewalk-backend is vulnerable to denial of service. It was found that a remote attacker could upload packages to an RHN Satellite server's NULL organization without any authorization or authentication. The NULL organization stores packages synced from RHN Hosted. Although an attacker cannot put...
Cross-site Scripting (XSS)
spacewalk-web is vulnerable to cross-site scripting XSS. The vulnerability exists as an authenticated RHN Satellite user could use this flaw to perform a cross-site scripting attack against other authenticated users who are using the RHN Satellite web interface...
Cross-site Scripting (XSS)
spacewalk-java is vulnerable to cross-site scripting XSS. The vulnerability exists as a remote attacker could use these flaws to perform a cross-site scripting attack against victims using the RHN Satellite web interface...
Cross-site Scripting (XSS)
spacewalk-web is vulnerable to cross-site scripting XSS. The vulnerability exists as a remote attacker could use these flaws to perform a cross-site scripting attack against victims using the RHN Satellite web interface...
Cross-site Scripting (XSS)
spacewalk-web is vulnerable to cross-site scripting XSS. The vulnerability exists as multiple cross-site scripting XSS flaws were found in the RHN Satellite web interface. A remote attacker could use these flaws to perform a cross-site scripting attack against victims using the RHN Satellite web...
Cross-site Scripting (XSS)
sapcewalk-web is vulnerable to cross-site scripting XSS. The vulnerability exists as a remote attacker could use these flaws to perform a cross-site scripting attack against victims using the RHN Satellite web interface...
Information Disclosure
spacewalk is vulnerable to information disclosure. A flaw was found in the way RHN Satellite Server managed user authentication. A time delay was not inserted after each failed log in, which could allow a remote attacker to conduct a password guessing attack efficiently...
Session Fixation
spacewalk is vulnerable to session fixation. A session fixation flaw was found in the way RHN Satellite Server handled session cookies. An RHN Satellite Server user able to pre-set the session cookie in a victim's browser to a valid value could use this flaw to hijack the victim's session after t...
Authorization Bypass
spacewalk-config is vulnerable to authorization bypass. The vulnerability exists as RHN Satellite incorrectly exposed an obsolete XML-RPC API for configuring package group comps.xml files for channels. An authenticated user could use this flaw to gain access to arbitrary files accessible to the R...
CVE-2012-5562
A flaw was found in rhn-proxy. This vulnerability may allow the rhn-proxy to transmit user credentials in clear-text when it accesses RHN Satellite. This could lead to information disclosure, where sensitive authentication details are exposed to unauthorized parties...
CVE-2012-5562
A flaw was found in rhn-proxy. This vulnerability may allow the rhn-proxy to transmit user credentials in clear-text when it accesses RHN Satellite. This could lead to information disclosure, where sensitive authentication details are exposed to unauthorized parties...
CVE-2012-5562 Rhn-proxy: rhn-satellite: rhn-proxy: information disclosure via clear-text credential transmission when accessing rhn satellite
A flaw was found in rhn-proxy. This vulnerability may allow the rhn-proxy to transmit user credentials in clear-text when it accesses RHN Satellite. This could lead to information disclosure, where sensitive authentication details are exposed to unauthorized parties...
CVE-2012-5562
CVE-2012-5562 affects the rhn-proxy component used with Red Hat Satellite. The flaw enables the proxy to transmit user credentials in clear text when accessing RHN Satellite, leading to potential exposure of sensitive authentication details (information disclosure). Public references and CVSS dat...
XML External Entity (XXE)
spacewalk-java is vulnerable to XML External Entity XXE attacks. The vulnerability exists as the RPC interface in Spacewalk and Red Hat Network RHN Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors...
Cross-site Scripting (XSS)
spacewalk-java is vulnerable to cross-site scripting XSS attacks. The vulnerability exists as spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network RHN Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not...