Thierry Carrez

2 exploits Active since Dec 2011
CVE-2011-4596 WRITEUP WRITEUP
OpenStack Nova < 2011.3.1 - Authenticated Path Traversal via S3/RegisterImage Tarball or Manifest
Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest.
CVE-2012-3360 WRITEUP WRITEUP
OpenStack Compute (Nova) Essex and Folsom - Authenticated Path Traversal via Disk Image File Path Attribute
Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element.