2 matches found
CVE-2012-3551
CVE-2012-3551 is an XSS vulnerability in the Crowbar barclamp, specifically in crowbar_framework/app/views/support/index.html.haml. The flaw allows remote attackers to inject arbitrary web script or HTML via the file parameter to /utils, affecting Crowbar versions possibly 1.4 and earlier. The co...
CVE-2012-3537
CVE-2012-3537 affects the Crowbar project’s Crowbar Deployer, specifically the Ohai plugin (chef/cookbooks/ohai/files/default/plugins/crowbar.rb). The vulnerability is due to insecure handling of temporary files and predictable file names, enabling local users to execute arbitrary shell commands....