10 matches found
CVE-2013-4480
CVE-2013-4480 affects Red Hat Satellite 5.6 and earlier. The root cause is that the web interface used to create the initial administrator user was not disabled after setup, enabling a remote attacker to create an admin account. Documented impact is the potential for unauthorized administrative a...
CVE-2014-8162
Summary: CVE-2014-8162 describes an XML External Entity (XXE) vulnerability in the RPC interface of Spacewalk and Red Hat Network (RHN) Satellite, affecting version 5.7 and earlier. The issue allows a remote attacker to read arbitrary files and potentially other unspecified impact via unknown vec...
CVE-2014-7811
CVE-2014-7811: Spacewalk and RHN Satellite before 5.7.0 are affected by cross-site scripting via crafted XML data in the REST API. Remote authenticated users can inject arbitrary scripts/HTML. Remediation: upgrade to Spacewalk/RHN Satellite 5.7.0 (per RHSA-2015:0033) or apply related patches. Not...
CVE-2011-2919
CVE-2011-2919 is a cross-site scripting (XSS) vulnerability in Spacewalk 1.6 as used with Red Hat Network Satellite. The issue allows a remote attacker to inject arbitrary web script or HTML via the QueryString to the SystemGroupList.do page. Connected documents corroborate the vulnerability in R...
CVE-2011-3344
CVE-2011-3344 is a cross-site scripting (XSS) flaw in the Spacewalk/RHN Satellite web interface, exposed via the Lookup Login/Password form in Spacewalk 1.6. The root cause is a reflected XSS vulnerability in the URI handling of the RHN Satellite web UI, allowing remote attackers to inject arbitr...
CVE-2011-2920
CVE-2011-2920 corresponds to multiple XSS flaws in Spacewalk 1.6 used by Red Hat Network Satellite. The Spacewalk web interface has vulnerabilities that allow remote attackers to inject arbitrary script/HTML, notably via the Filter by Synopsis field. Public references from SUSE and Red Hat descri...
CVE-2013-2143
Summary: CVE-2013-2143 records a privilege-escalation flaw in Katello 1.5.0-14 and earlier (and Red Hat Satellite) where the users controller’s update_roles action does not enforce authorization. This allows remote authenticated users to elevate a normal account to administrator by manipulating t...
CVE-2007-5961
CVE-2007-5961 is a cross-site scripting (XSS) vulnerability in the Red Hat Network channel search feature used by Red Hat Network Satellite Server (and RHN) prior to version 5.0.2. The underlying issue allowed remote attackers to inject arbitrary web script or HTML via unknown vectors. The connec...
CVE-2011-1594
CVE-2011-1594 is an Open Redirect in Spacewalk 1.6 used by Red Hat Network Satellite. The flaw allows remote attackers to redirect users to arbitrary sites via the url_bounce parameter, enabling phishing-like redirects. Multiple references (RHSA-2011:1299, SUSE CVE page) indicate an open‑redirect...
CVE-2011-2927
CVE-2011-2927 is an XSS vulnerability affecting Spacewalk 1.6 as used by Red Hat Network Satellite. The issue enables a remote attacker to inject scripts via Search form vectors in the RHN Satellite web interface. Connected sources (SUSE, Red Hat advisory RHSA-2011:1299, Veracode listing) confirm...