78 matches found
CVE-2014-0007
The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetchbootfile...
Design/Logic Flaw
The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetchbootfile...
Directory traversal
Directory traversal vulnerability in Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to overwrite arbitrary files via a .. dot dot in the dst parameter to tftp/fetchbootfile...
CVE-2014-0007
The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetchbootfile...
CVE-2014-4507
CVE-2014-4507 concerns a directory traversal in the Smart-Proxy component of Foreman, affecting Foreman’s Smart-Proxy before 1.4.5 and 1.5.x before 1.5.1. The flaw lets an attacker supply a .. (dot dot) in the dst parameter to tftp/fetch_boot_file to overwrite arbitrary files on the affected syst...
CVE-2014-0007
CVE-2014-0007 affects Foreman’s Smart-Proxy TFTP module. The Smart-Proxy before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetch_boot_file. Impact per sources indicates remote command execution; attesta...
CVE-2014-4507
Directory traversal vulnerability in Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to overwrite arbitrary files via a .. dot dot in the dst parameter to tftp/fetchbootfile...
Foreman Smart-Proxy - Remote Command Injection
Foreman Smart-Proxy - Remote Command Injection source: https://www.securityfocus.com/bid/68117/info Foreman is prone to a remote command-injection vulnerability. Successful exploits will result in the execution of arbitrary commands with the privileges of the user running foreman-proxy. curl -3 -...
Foreman Smart-Proxy - Remote Command Injection
source: https://www.securityfocus.com/bid/68117/info Foreman is prone to a remote command-injection vulnerability. Successful exploits will result in the execution of arbitrary commands with the privileges of the user running foreman-proxy. curl -3 -H "Accept:application/json" -k -X POST -d...
CVE-2012-5477
The smart proxy in Foreman before 1.1 uses a umask set to 0, which allows local users to modify files created by the daemon via unspecified vectors...
CVE-2013-0210
The smart proxy Puppet run API in Foreman before 1.2.0 allows remote attackers to execute arbitrary commands via vectors related to escaping and Puppet commands...
Code injection
The smart proxy in Foreman before 1.1 uses a umask set to 0, which allows local users to modify files created by the daemon via unspecified vectors...
Command injection
The smart proxy Puppet run API in Foreman before 1.2.0 allows remote attackers to execute arbitrary commands via vectors related to escaping and Puppet commands...
CVE-2013-0210
The smart proxy Puppet run API in Foreman before 1.2.0 allows remote attackers to execute arbitrary commands via vectors related to escaping and Puppet commands...
CVE-2012-5477
The CVE entry describes a vulnerability in the Foreman smart proxy prior to version 1.1 where a misconfigured umask of 0 enables local users to modify files created by the daemon via unspecified vectors. The issue can affect integrity and availability (I:P, A:P) with local attack vector and no au...
CVE-2013-0210
CVE-2013-0210 affects Foreman’s smart proxy Puppet run API (Foreman) prior to version 1.2.0. The issue permits remote command execution via vectors related to escaping and Puppet commands. The NVD entry assigns a base score of 7.5 (HIGH) with network attack vector and no authentication, indicatin...
CVE-2013-0210
The smart proxy Puppet run API in Foreman before 1.2.0 allows remote attackers to execute arbitrary commands via vectors related to escaping and Puppet commands...
CVE-2012-5477
The smart proxy in Foreman before 1.1 uses a umask set to 0, which allows local users to modify files created by the daemon via unspecified vectors...