78 matches found

RedHat Linux
added 2018/09/20 5:21 p.m. · 5 views

smart_proxy_dynflow: Authentication bypass in Foreman remote execution feature

An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. A malicious attacker can use this flaw to remotely execute arbitrary commands on machines managed by vulnerable Foreman instances, in a highly privileged context...

CVSS 10 · AI score 6 · EPSS 0.06007
Exploits 0 · References 4
RedhatCVE
added 2018/09/20 4:49 p.m. · 26 views

CVE-2018-14643

An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. A malicious attacker can use this flaw to remotely execute arbitrary commands on machines managed by vulnerable Foreman instances, in a highly privileged context. Mitigation: Disable Smart Proxy Dynflow by...

CVSS 10 · AI score 4.1 · EPSS 0.06007
Exploits 0 · References 2
FreeBSD
added 2018/09/20 12:0 a.m. · 497 views

smart_proxy_dynflow -- authentication bypass vulnerability

MITRE reports: An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. A malicious attacker can use this flaw to remotely execute arbitrary commands on machines managed by vulnerable Foreman instances, in a highly privileged context...

CVSS 10 · AI score 4.1 · EPSS 0.06007
Exploits 0 · References 2
OpenVAS
added 2016/11/29 12:0 a.m. · 28 views

Foreman 0.2 < 1.10.4, 1.11.x < 1.11.2 RCE Vulnerability

Foreman is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:theforeman:foreman...

CVSS 8.8 · AI score 9.1 · EPSS 0.02839
Exploits 0 · References 1
RedHat Linux
added 2016/07/27 8:28 a.m. · 4 views

foreman: Missing input validation in Smart Proxy allows RCE via TFTP file variant parameter

It was found that the “variant” parameter in the TFTP API of Foreman was passed to the eval function. An attacker could possibly use this flaw to execute arbitrary code with the privileges of the Foreman user...

CVSS 8.8 · AI score 6.1 · EPSS 0.02839
Exploits 0 · References 4
CNVD
added 2016/05/21 12:0 a.m. · 3 views

Foreman Arbitrary Code Execution Vulnerability

Foreman is a set of lifecycle management tools for use in physical and virtual servers. A security vulnerability in the smart proxy TFTP API in Foreman versions 1.11.x before 1.10.4 and 1.11.2 before 1.11.2 can be exploited by a remote attacker to execute arbitrary code with the help of specially...

CVSS 8.8 · AI score 8.8 · EPSS 0.02839
Exploits 0 · References 1
NVD
added 2016/05/20 2:59 p.m. · 22 views

CVE-2016-3728

Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/...

CVSS 8.8 · AI score 9 · EPSS 0.02839
Exploits 0 · References 5
OSV
added 2016/05/20 2:59 p.m. · 7 views

CVE-2016-3728

Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/...

CVSS 8.8 · AI score 9
Exploits 0 · References 5
Prion
added 2016/05/20 2:59 p.m. · 17 views

Sql injection

Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/...

CVSS 6.8 · AI score 8.4 · EPSS 0.02839
Exploits 0 · References 5 · Affected Software 1
Cvelist
added 2016/05/20 2:0 p.m. · 28 views

CVE-2016-3728

Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/...

AI score 9 · EPSS 0.02839
Exploits 0 · References 5
CVE
added 2016/05/20 2:0 p.m. · 79 views

CVE-2016-3728

Summary: CVE-2016-3728 describes an eval-injection in Foreman’s Smart-Proxy TFTP module (tftp_api.rb) that allows an attacker to execute arbitrary code via the PATH_INFO PXE template type. Affected: Foreman/Smart-Proxy prior to 1.10.4 and 1.11.x prior to 1.11.2. Impact: remote code execution with...

CVSS 8.8 · AI score 9 · EPSS 0.02839
Exploits 0 · References 5 · Affected Software 1
Positive Technologies
added 2016/05/20 12:0 a.m. · 5 views

PT-2016-5685 · Foreman · Foreman

Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.10.4; Foreman versions 1.11.x prior to 1.11.2. Description: The issue allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to "tftp/". This is due to an eval injection...

CVSS 8.8 · AI score 7.5 · EPSS 0.02839
Exploits 0 · References 7
Prion
added 2015/03/09 2:59 p.m. · 23 views

Authentication flaw

Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate...

CVSS 7.5 · AI score 8 · EPSS 0.01706
Exploits 0 · References 5 · Affected Software 2
NVD
added 2015/03/09 2:59 p.m. · 45 views

CVE-2014-3691

Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate...

CVSS 7.5 · AI score 7.5 · EPSS 0.01706
Exploits 0 · References 5
Cvelist
added 2015/03/09 2:0 p.m. · 46 views

CVE-2014-3691

Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate...

AI score 7.4 · EPSS 0.01706
Exploits 0 · References 5
CVE
added 2015/03/09 2:0 p.m. · 77 views

CVE-2014-3691

Foreman/foreman-proxy is affected by CVE-2014-3691 due to failure to validate SSL certificates in SSL-enabled mode, allowing remote attackers to bypass authentication and issue arbitrary API requests without a certificate. Affected versions: Foreman prior to 1.5.4 and foreman-proxy in Foreman 1.6...

CVSS 7.5 · AI score 7.6 · EPSS 0.01706
Exploits 0 · References 5 · Affected Software 1
RedHat Linux
added 2014/09/10 1:9 p.m. · 2 views

foreman-proxy: smart-proxy remote command injection

The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetchbootfile...

CVSS 7.5 · AI score 6.2 · EPSS 0.09017
Exploits 0 · References 4
Tenable Nessus
added 2014/07/17 12:0 a.m. · 10 views

Foreman Smart-Proxy TFTP Detection

Binary data foremansmartproxytftpdetect.nbin...

AI score 7.3
Exploits 0 · References 1
Tenable Nessus
added 2014/07/17 12:0 a.m. · 85 views

Foreman Smart-Proxy TFTP Remote Command Injection

The remote web server is running a version of Foreman Smart-Proxy TFTP that is affected by a remote command injection vulnerability. An attacker can send a specially crafted URL that results in the execution of arbitrary commands. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

CVSS 7.5 · AI score 6.2 · EPSS 0.09017
Exploits 0 · References 2
NVD
added 2014/06/20 2:55 p.m. · 16 views

CVE-2014-4507

Directory traversal vulnerability in Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the dst parameter to tftp/fetchbootfile...

CVSS 6.4 · AI score 6.8 · EPSS 0.02374
Exploits 0 · References 1