MidnightBSD

Advisories for vmturbo

CVE-2014-3806 MEDIUM

Directory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo Operations Manager before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the xml_path parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
vmturbo operations_manager *
vmturbo operations_manager 4.0
CVE-2014-5073 HIGH

vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 allows remote attackers to execute arbitrary commands via shell metacharacters in the fileDate parameter in a DOWN call.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vmturbo operations_manager *
vmturbo operations_manager 4.0
vmturbo operations_manager 4.5