6 matches found
CVE-2014-9245
Zenoss Core through 5 Beta 3 allows remote attackers to obtain sensitive information by attempting a product-rename action with an invalid new name and then reading a stack trace, as demonstrated by internal URL information, aka ZEN-15382...
Cross site scripting
Zenoss Core through 5 Beta 3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service memory and CPU consumption via a crafted XML document containing a large number of nested entity references, aka ZEN-15414, a similar issue to...
CVE-2014-6261
Zenoss Core through 5 Beta 3 does not properly implement the Check For Updates feature, which allows remote attackers to execute arbitrary code by 1 spoofing the callhome server or 2 deploying a crafted web site that is visited during a login session, aka ZEN-12657...
CVE-2014-6258
An unspecified endpoint in Zenoss Core through 5 Beta 3 allows remote attackers to cause a denial of service CPU consumption by triggering an arbitrary regular-expression match attempt, aka ZEN-15411...
CVE-2014-9245
Zenoss Core through 5 Beta 3 allows remote attackers to obtain sensitive information by attempting a product-rename action with an invalid new name and then reading a stack trace, as demonstrated by internal URL information, aka ZEN-15382...
CVE-2014-6259
Zenoss Core through 5 Beta 3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service memory and CPU consumption via a crafted XML document containing a large number of nested entity references, aka ZEN-15414, a similar issue to...