Lucene search
K

78 matches found

NVD
NVD
added 2014/06/20 2:55 p.m.30 views

CVE-2014-0007

The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetchbootfile...

7.5CVSS7.6AI score0.09017EPSS
Exploits0References2
Prion
Prion
added 2014/06/20 2:55 p.m.16 views

Design/Logic Flaw

The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetchbootfile...

7.5CVSS8.2AI score0.09017EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2014/06/20 2:55 p.m.20 views

Directory traversal

Directory traversal vulnerability in Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to overwrite arbitrary files via a .. dot dot in the dst parameter to tftp/fetchbootfile...

6.4CVSS7.3AI score0.02374EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2014/06/20 2:0 p.m.36 views

CVE-2014-0007

The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetchbootfile...

7.6AI score0.09017EPSS
Exploits0References2
CVE
CVE
added 2014/06/20 2:0 p.m.46 views

CVE-2014-4507

CVE-2014-4507 concerns a directory traversal in the Smart-Proxy component of Foreman, affecting Foreman’s Smart-Proxy before 1.4.5 and 1.5.x before 1.5.1. The flaw lets an attacker supply a .. (dot dot) in the dst parameter to tftp/fetch_boot_file to overwrite arbitrary files on the affected syst...

6.4CVSS7AI score0.02374EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2014/06/20 2:0 p.m.83 views

CVE-2014-0007

CVE-2014-0007 affects Foreman’s Smart-Proxy TFTP module. The Smart-Proxy before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetch_boot_file. Impact per sources indicates remote command execution; attesta...

7.5CVSS7.8AI score0.09017EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2014/06/20 2:0 p.m.26 views

CVE-2014-4507

Directory traversal vulnerability in Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to overwrite arbitrary files via a .. dot dot in the dst parameter to tftp/fetchbootfile...

6.8AI score0.02374EPSS
Exploits0References1
exploitpack
exploitpack
added 2014/06/05 12:0 a.m.18 views

Foreman Smart-Proxy - Remote Command Injection

Foreman Smart-Proxy - Remote Command Injection source: https://www.securityfocus.com/bid/68117/info Foreman is prone to a remote command-injection vulnerability. Successful exploits will result in the execution of arbitrary commands with the privileges of the user running foreman-proxy. curl -3 -...

7.9AI score
Exploits0
Exploit DB
Exploit DB
added 2014/06/05 12:0 a.m.36 views

Foreman Smart-Proxy - Remote Command Injection

source: https://www.securityfocus.com/bid/68117/info Foreman is prone to a remote command-injection vulnerability. Successful exploits will result in the execution of arbitrary commands with the privileges of the user running foreman-proxy. curl -3 -H "Accept:application/json" -k -X POST -d...

7.4AI score
Exploits0
NVD
NVD
added 2014/05/08 2:29 p.m.15 views

CVE-2012-5477

The smart proxy in Foreman before 1.1 uses a umask set to 0, which allows local users to modify files created by the daemon via unspecified vectors...

3.6CVSS6.2AI score0.00328EPSS
Exploits0References2
NVD
NVD
added 2014/05/08 2:29 p.m.20 views

CVE-2013-0210

The smart proxy Puppet run API in Foreman before 1.2.0 allows remote attackers to execute arbitrary commands via vectors related to escaping and Puppet commands...

7.5CVSS7.6AI score0.01853EPSS
Exploits0References1
Prion
Prion
added 2014/05/08 2:29 p.m.10 views

Code injection

The smart proxy in Foreman before 1.1 uses a umask set to 0, which allows local users to modify files created by the daemon via unspecified vectors...

3.6CVSS6.7AI score0.00328EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2014/05/08 2:29 p.m.16 views

Command injection

The smart proxy Puppet run API in Foreman before 1.2.0 allows remote attackers to execute arbitrary commands via vectors related to escaping and Puppet commands...

7.5CVSS8.2AI score0.01853EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2014/05/08 2:29 p.m.1 views

CVE-2013-0210

The smart proxy Puppet run API in Foreman before 1.2.0 allows remote attackers to execute arbitrary commands via vectors related to escaping and Puppet commands...

7.5CVSS6AI score0.01853EPSS
Exploits0References2
CVE
CVE
added 2014/05/08 2:0 p.m.57 views

CVE-2012-5477

The CVE entry describes a vulnerability in the Foreman smart proxy prior to version 1.1 where a misconfigured umask of 0 enables local users to modify files created by the daemon via unspecified vectors. The issue can affect integrity and availability (I:P, A:P) with local attack vector and no au...

3.6CVSS6.4AI score0.00328EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2014/05/08 2:0 p.m.55 views

CVE-2013-0210

CVE-2013-0210 affects Foreman’s smart proxy Puppet run API (Foreman) prior to version 1.2.0. The issue permits remote command execution via vectors related to escaping and Puppet commands. The NVD entry assigns a base score of 7.5 (HIGH) with network attack vector and no authentication, indicatin...

7.5CVSS7.8AI score0.01853EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2014/05/08 2:0 p.m.24 views

CVE-2013-0210

The smart proxy Puppet run API in Foreman before 1.2.0 allows remote attackers to execute arbitrary commands via vectors related to escaping and Puppet commands...

7.6AI score0.01853EPSS
Exploits0References1
Cvelist
Cvelist
added 2014/05/08 2:0 p.m.16 views

CVE-2012-5477

The smart proxy in Foreman before 1.1 uses a umask set to 0, which allows local users to modify files created by the daemon via unspecified vectors...

6.2AI score0.00328EPSS
Exploits0References2
Rows per page
Query Builder