|
291381
|
- |
|
puppet
|
puppet_enterprise
|
Puppet Enterprise before 3.0.1 allows remote attackers to obtain the database password via vectors related to how the password is "seeded as a console parameter," External Node Classifiers, and the l…
|
CWE-255
Credentials Management
|
CVE-2013-4967
|
2024-11-21 10:56 |
2013-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291382
|
- |
|
puppet
|
puppet_enterprise
|
Puppet Enterprise before 3.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmiss…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4964
|
2024-11-21 10:56 |
2013-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291383
|
- |
|
puppet
|
puppet_enterprise
|
The reset password page in Puppet Enterprise before 3.0.1 does not force entry of the current password, which allows attackers to modify user passwords by leveraging session hijacking, an unattended …
|
CWE-255
Credentials Management
|
CVE-2013-4962
|
2024-11-21 10:56 |
2013-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291384
|
- |
|
puppet
|
puppet_enterprise
|
Puppet Enterprise before 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote attackers to obtain sensitive information.
|
CWE-200
Information Exposure
|
CVE-2013-4961
|
2024-11-21 10:56 |
2013-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291385
|
- |
|
puppet
|
puppet_enterprise
|
Puppet Enterprise before 3.0.1 uses HTTP responses that contain sensitive information without the "no-cache" setting, which might allow local users to obtain sensitive information such as (1) host na…
|
CWE-200
Information Exposure
|
CVE-2013-4959
|
2024-11-21 10:56 |
2013-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291386
|
- |
|
puppet
|
puppet_enterprise
|
Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation.
|
CWE-287
Improper Authentication
|
CVE-2013-4958
|
2024-11-21 10:56 |
2013-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291387
|
- |
|
puppetlabs
puppet
|
puppet
puppet_enterprise
|
Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if thos…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4956
|
2024-11-21 10:56 |
2013-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291388
|
- |
|
puppet
|
puppet_enterprise
|
Open redirect vulnerability in the login page in Puppet Enterprise before 3.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the service …
|
CWE-20
Improper Input Validation
|
CVE-2013-4955
|
2024-11-21 10:56 |
2013-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291389
|
- |
|
puppet
|
puppet_enterprise
|
Puppet Enterprise before 3.0.1 does not sufficiently invalidate a session when a user logs out, which might allow remote attackers to hijack sessions by obtaining an old session ID.
|
CWE-20
Improper Input Validation
|
CVE-2013-4762
|
2024-11-21 10:56 |
2013-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291390
|
- |
|
puppetlabs
puppet
|
puppet
puppet_enterprise
|
Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby prog…
|
NVD-CWE-noinfo
|
CVE-2013-4761
|
2024-11-21 10:56 |
2013-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
