2 matches found
CVE-2012-10048
CVE-2012-10048 affects Zenoss Core 3.x. The vulnerability is in the showDaemonXMLConfig endpoint where the daemon parameter is passed directly to a Popen() call in ZenossInfo.py without proper sanitization, allowing an authenticated user to execute arbitrary commands on the server as the zenoss u...
CVE-2012-10048 Zenoss 3.x showDaemonXMLConfig Command Execution
Zenoss Core 3.x contains a command injection vulnerability in the showDaemonXMLConfig endpoint. The daemon parameter is passed directly to a Popen call in ZenossInfo.py without proper sanitation, allowing authenticated users to execute arbitrary commands on the server as the zenoss user...