mirror of
https://github.com/0xMarcio/cve.git
synced 2026-03-29 20:30:57 +02:00
842 B
842 B
CVE-2014-6261
Description
Zenoss Core through 5 Beta 3 does not properly implement the Check For Updates feature, which allows remote attackers to execute arbitrary code by (1) spoofing the callhome server or (2) deploying a crafted web site that is visited during a login session, aka ZEN-12657.
POC
Reference
- http://www.kb.cert.org/vuls/id/449452
- https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing
Github
No PoCs found on GitHub currently.