Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
theforeman foreman 1.4.0 vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2014-4507
Directory traversal vulnerability in Smart-Proxy in Foreman prior to 1.4.5 and 1.5.x prior to 1.5.1 allows remote malicious users to overwrite arbitrary files via a .. (dot dot) in the dst parameter to tftp/fetch_boot_file.
Theforeman Foreman 1.5.0
Theforeman Foreman
Theforeman Foreman 1.4.3
Theforeman Foreman 1.4.1
Theforeman Foreman 1.4.2
Theforeman Foreman 1.4.0
4.3
CVSSv2
CVE-2014-3491
Cross-site scripting (XSS) vulnerability in Foreman prior to 1.4.5 and 1.5.x prior to 1.5.1 allows remote malicious users to inject arbitrary web script or HTML via the Name field to the New Host groups page, related to create, update, and destroy notification boxes.
Theforeman Foreman 1.4.1
Theforeman Foreman 1.4.0
Theforeman Foreman 1.5.0
Theforeman Foreman 1.4.3
Theforeman Foreman
Theforeman Foreman 1.4.2
4.3
CVSSv2
CVE-2014-3492
Multiple cross-site scripting (XSS) vulnerabilities in the host YAML view in Foreman prior to 1.4.5 and 1.5.x prior to 1.5.1 allow remote malicious users to inject arbitrary web script or HTML via a parameter (1) name or (2) value related to the host.
Theforeman Foreman 1.4.0
Theforeman Foreman 1.5.0
Theforeman Foreman 1.4.3
Theforeman Foreman 1.4.1
Theforeman Foreman
Theforeman Foreman 1.4.2
5
CVSSv2
CVE-2014-0192
Foreman 1.4.0 prior to 1.5.0 does not properly restrict access to provisioning template previews, which allows remote malicious users to obtain sensitive information via the hostname parameter, related to "spoof."
Theforeman Foreman 1.4.1
Theforeman Foreman 1.4.3
Theforeman Foreman 1.4.2
Theforeman Foreman 1.4.0
Theforeman Foreman 1.4.4
6.8
CVSSv2
CVE-2014-0090
Session fixation vulnerability in Foreman prior to 1.4.2 allows remote malicious users to hijack web sessions via the session id cookie.
Theforeman Foreman 1.2.2
Theforeman Foreman 1.2.1
Theforeman Foreman 1.2.0
Theforeman Foreman 1.2.3
Theforeman Foreman
Theforeman Foreman 1.0
Theforeman Foreman 1.4.0
Theforeman Foreman 1.1
4.3
CVSSv2
CVE-2014-0089
Cross-site scripting (XSS) vulnerability in app/views/common/500.html.erb in Foreman 1.4.x prior to 1.4.2 allows remote authenticated users to inject arbitrary web script or HTML via the bookmark name when adding a bookmark.
Theforeman Foreman 1.4.1
Theforeman Foreman 1.4.0
4.3
CVSSv2
CVE-2015-5152
Foreman after 1.1 and prior to 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote malicious users to obtain user credentials via a man-in-the-middle attack.
Theforeman Foreman 1.4.1
Theforeman Foreman 1.3.0
Theforeman Foreman 1.4.3
Theforeman Foreman 1.2.2
Theforeman Foreman 1.4.0
Theforeman Foreman 1.2.1
Theforeman Foreman 1.8.0
Theforeman Foreman 1.7.4
Theforeman Foreman 1.7.5
Theforeman Foreman 1.7.0
Theforeman Foreman 1.4.2
Theforeman Foreman 1.8.1
Theforeman Foreman 1.5.0
Theforeman Foreman 1.2.0
Theforeman Foreman 1.5.2
Theforeman Foreman 1.5.3
Theforeman Foreman 1.2.3
Theforeman Foreman 1.1-1
Theforeman Foreman 1.6.0
Theforeman Foreman 1.8.3
Theforeman Foreman 1.7.1
Theforeman Foreman 1.5.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started