5 matches found
CVE-2011-4195
CVE-2011-4195 affects kiwi before 4.98.05, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1. An attacker can execute arbitrary commands via shell metacharacters in an image name. Impact: arbitrary command execution with network-accessible cont...
CVE-2013-3712
CVE-2013-3712 affects SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for System z 1.3, which use static secret tokens. The material states the impact and attack vectors as unspecified in the description; no concrete exploitation details, affected component versions, root cause sp...
CVE-2011-3180
Kiwi before 4.98.08, used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown. Root cause: untrusted path handling in Kiwi leads to ...
CVE-2011-4193
CVE-2011-4193 describes a Cross-site scripting (XSS) flaw in the overlay files tab of SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1. The vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted application, related to...
CVE-2011-4192
CVE-2011-4192 affects kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1. The issue allows attackers to execute arbitrary commands, demonstrated by "double quotes in kiwi_oemtitle of .profile." The connected documents corrobo...