Lucene search
K

160 matches found

OpenVAS
OpenVAS
added 2016/02/29 12:0 a.m.36 views

Fedora Update for rubygem-activemodel FEDORA-2016-94

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.8AI score0.95537EPSS
Exploits11References4
OpenVAS
OpenVAS
added 2016/02/29 12:0 a.m.35 views

Fedora Update for rubygem-actionpack FEDORA-2016-94

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.8AI score0.95537EPSS
Exploits11References4
OpenVAS
OpenVAS
added 2016/02/29 12:0 a.m.34 views

Fedora Update for rubygem-actionview FEDORA-2016-97002

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.7AI score0.95537EPSS
Exploits11References4
OSV
OSV
added 2016/02/26 3:8 p.m.11 views

SUSE-SU-2016:0599-1 Security update for rubygem-actionview-4_1

This update for rubygem-actionview-41 fixes the following issues: - CVE-2016-0752: directory traversal and information leak in Action View bsc963332...

7.5CVSS7.3AI score0.95537EPSS
Exploits11References3
NVD
NVD
added 2016/02/16 2:59 a.m.20 views

CVE-2016-0752

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing...

7.5CVSS6.1AI score0.95537EPSS
Exploits11References13
OSV
OSV
added 2016/02/16 2:59 a.m.14 views

CVE-2016-0752

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing...

7.5CVSS7.3AI score0.95537EPSS
Exploits11References13
UbuntuCve
UbuntuCve
added 2016/02/16 2:59 a.m.32 views

CVE-2016-0752

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing...

7.5CVSS6.9AI score0.95537EPSS
Exploits11References3
Cvelist
Cvelist
added 2016/02/16 2:0 a.m.30 views

CVE-2016-0752

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing...

6.3AI score0.95537EPSS
Exploits11References12
CVE
CVE
added 2016/02/16 2:0 a.m.1097 views

CVE-2016-0752

CVE-2016-0752 is a directory-traversal flaw in Rails’ Action View triggered when untrusted input is passed to render, allowing remote read of arbitrary files via a path containing .. and linked to incomplete fixes that affected Rails 3.2.x/4.x. The vulnerability stems from Action View’s rendering...

7.5CVSS6.1AI score0.95537EPSS
In wildExploits11References13Affected Software1
Debian CVE
Debian CVE
added 2016/02/16 2:0 a.m.34 views

CVE-2016-0752

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing...

7.5CVSS6.5AI score0.95537EPSS
Exploits11
ATTACKERKB
ATTACKERKB
added 2016/02/16 12:0 a.m.31 views

CVE-2016-0752

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application’s unrestricted use of the render method and providing...

7.5CVSS6.3AI score0.95537EPSS
In wildExploits11References14
OSV
OSV
added 2016/02/15 1:25 p.m.11 views

SUSE-SU-2016:0456-1 Security update for rubygem-actionview-4_2

This update for rubygem-actionview-42 fixes the following issues: - CVE-2016-0752: directory traversal and information leak in Action View bsc963332...

7.5CVSS7.3AI score0.95537EPSS
Exploits11References3
Tenable Nessus
Tenable Nessus
added 2016/02/08 12:0 a.m.39 views

openSUSE Security Update : rubygem-actionpack-3_2 / rubygem-activesupport-3_2 (openSUSE-2016-160)

This update for rubygem-actionpack-32, rubygem-activesupport-32 fixes the following issues : - CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller boo963329 - CVE-2016-0752: directory traversal and information leak in Action View boo963332 - CVE-2016-0751:...

7.5CVSS5.8AI score0.95537EPSS
Exploits11References8
Hacker One
Hacker One
added 2016/02/01 10:0 a.m.67 views

Ruby on Rails: Regarding [CVE-2016-0752] Possible Information Leak Vulnerability in Action View

Possible Information Leak Vulnerability in Action View. There is a possible directory traversal and information leak vulnerability in Action View. This was meant to be fixed on CVE-2016-0752. However the 3.2 patch was not covering all the scenarios. This vulnerability has been assigned the CVE...

5CVSS1.6AI score0.95537EPSS
Exploits11
Tenable Nessus
Tenable Nessus
added 2016/02/01 12:0 a.m.49 views

Debian DSA-3464-1 : rails - security update

Multiple security issues have been discovered in the Ruby on Rails web application development framework, which may result in denial of service, cross-site scripting, information disclosure or bypass of input validation. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text an...

7.5CVSS6.2AI score0.95537EPSS
Exploits11References10
seebug.org
seebug.org
added 2016/01/27 12:0 a.m.209 views

Rails Dynamic Render 远程命令执行漏洞 (CVE-2016-0752)

如果你的应用程序使用的动态模版路径 例如: render params:id 那么你的程序将会存在远程代码执行和本地文件包含漏洞. 请把你的 Rails 升级到最新版本, 或者重构你的 controllers。 我们将展示如何在特定环境下使用代码执行和本地包含漏洞去攻击 Ruby on Rails 。 Rails的控制器有包含指定渲染文件的功能,举个例子, 当我们调用 show 方法的时候,如果没有定义其他渲染方法,该框架将会隐藏渲染 show.html.erb 文件。 在绝大多数情况下,开发者会输出不同的格式,例如:文本, JSON, XML 或者其他任何格式,或者查看一个文件,...

5CVSS6.7AI score0.95537EPSS
Exploits12
GithubExploit
GithubExploit
added 2016/01/26 3:25 p.m.9 views

Exploit for Path Traversal in Rubyonrails Rails

Exploiting CVE-2016-0752 --- This app serves as a vulnerable Pr...

7.5CVSS7AI score0.95537EPSS
Exploits11
RubySec
RubySec
added 2016/01/25 12:0 a.m.36 views

Possible Information Leak Vulnerability in Action View

There is a possible directory traversal and information leak vulnerability in Action View. This vulnerability has been assigned the CVE identifier CVE-2016-0752. Versions Affected: All. Not affected: None. Fixed Versions: 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1, 3.2.22.1 Impact ------ Applications that...

7.5CVSS2.3AI score0.95537EPSS
Exploits11References1Affected Software1
RubySec
RubySec
added 2016/01/25 12:0 a.m.34 views

Possible Information Leak Vulnerability in Action View

There is a possible directory traversal and information leak vulnerability in Action View. This vulnerability has been assigned the CVE identifier CVE-2016-0752. Versions Affected: All. Not affected: None. Fixed Versions: 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1, 3.2.22.1 Impact ------ Applications that...

7.5CVSS2.3AI score0.95537EPSS
Exploits11References1Affected Software1
OpenVAS
OpenVAS
added 2015/10/06 12:0 a.m.51 views

Oracle: Security Advisory (ELSA-2013-0752)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS9.1AI score0.87227EPSS
Exploits21References7
Rows per page
Query Builder