4196 matches found

NVD
added 2016/02/16 2:59 a.m. · 17 views

CVE-2015-7576

The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a...

CVSS 4.3 · AI score 5.2 · EPSS 0.04857
Exploits 0 · References 13
OSV
added 2016/02/16 2:59 a.m. · 2 views

DEBIAN-CVE-2015-7576

The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a...

CVSS 3.7 · AI score 6 · EPSS 0.04857
Exploits 0 · References 1
CVE
added 2016/02/16 2:00 a.m. · 110 views

CVE-2015-7576

Ruby on Rails: The http_basic_authenticate_with path in Action Controller is vulnerable to a timing-attack bypass when verifying credentials, because it does not use a constant-time comparison. A remote attacker could determine valid usernames/passwords by measuring response times. Affected Rails versions includ...

CVSS 4.3 · AI score 5 · EPSS 0.04857
Exploits 0 · References 13 · Affected Software 2
Hacker One
added 2016/02/13 12:46 a.m. · 21 views

New Relic: Unauthorized Access

Summary of Findings: The remote server https://download.newrelic.com allowed unauthenticated access to special access files that are only intended to be accessible after contacting the New Relic program managers, as seen below. Exploiting the...

AI score 0.4
Exploits 0
Tenable Nessus
added 2016/02/08 12:00 a.m. · 39 views

openSUSE Security Update : rubygem-actionpack-3_2 / rubygem-activesupport-3_2 (openSUSE-2016-160)

This update for rubygem-actionpack-3_2 and rubygem-activesupport-3_2 fixes the following issues:
- CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller (boo963329)
- CVE-2016-0752: directory traversal and information leak in Action View (boo963332)
- CVE-2016-0751:...

CVSS 7.5 · AI score 5.8 · EPSS 0.95537
Exploits 11 · References 8
Hacker One
added 2016/02/05 11:23 a.m. · 14 views

New Relic: Basic Authorization over HTTP

Hi New Relic Team, while reviewing your host http://newrelic.com/ it was discovered that you are using basic authorization over HTTP, which is not a good practice. If an attacker can intercept traffic on the network, he/she might be able to steal the user's credentials. Request: GET /styleguide-layout...

AI score 0.5
Exploits 0
BDU FSTEC
added 2016/01/21 12:00 a.m. · 4 views

Vulnerability in the Microsoft Visio graphic editor, Microsoft Excel spreadsheet editor, Microsoft PowerPoint presentation software, Microsoft Word word processor, Microsoft Visual Basic development environment and Microsoft Office suite that allows attackers to bypass the ASLR protection mechanism.

The vulnerabilities in Microsoft Visio (a graphic editor), Microsoft Excel (a spreadsheet editor), Microsoft PowerPoint (presentation software), Microsoft Word (a word processor), the Microsoft Visual Basic development environment and the Microsoft Office suite are related to the lack of...

CVSS 4.3 · AI score 5.8 · EPSS 0.11195
Exploits 0 · References 2 · Affected Software 1
BDU FSTEC
added 2016/01/19 12:00 a.m. · 5 views

Vulnerability in the Internet Explorer browser that allows an attacker to execute arbitrary code

The vulnerability in the VBScript component of Internet Explorer relates to the handling of objects in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 9.3 · AI score 6.9 · EPSS 0.23942
Exploits 0 · References 3 · Affected Software 1
CNVD
added 2016/01/15 12:00 a.m. · 2 views

Microsoft VBScript Arbitrary Code Execution Vulnerability

Microsoft VBScript is a scripting language developed by the US company Microsoft that can be seen as a simplified version of the VB language. A memory corruption vulnerability exists in Microsoft Internet Explorer's VBScript and JScript, which could be exploited by a remote attacker...

CVSS 7.6 · AI score 6.7 · EPSS 0.23942
Exploits 0 · References 1
ICS
added 2016/01/14 7:00 a.m. · 81 views

Siemens Industrial Products glibc Library Vulnerability (Update C)

OVERVIEW: This updated advisory is a follow-up to the advisory update titled ICSA-16-103-01B Siemens Industrial Products glibc Library Vulnerability that was published July 14, 2016, on the NCCIC/ICS-CERT web site. Siemens reports that a buffer overflow vulnerability in the glibc library could...

CVSS 8.1 · AI score 8.9 · EPSS 0.89557
Exploits 17 · References 10
OSV
added 2016/01/13 5:59 a.m. · 3 views

CVE-2016-0012

Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 20...

CVSS 4.3 · AI score 5.8 · EPSS 0.11195
Exploits 0 · References 2
OSV
added 2016/01/13 5:59 a.m. · 2 views

CVE-2016-0002

The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."...

CVSS 7.5 · AI score 6.1 · EPSS 0.23942
Exploits 0 · References 5
Fedora
added 2016/01/13 5:23 a.m. · 10 views

[SECURITY] Fedora 23 Update: shotwell-0.23.0-0.1.20160105gitf2fb1f7.fc23

Shotwell is an easy-to-use, fast photo organizer designed for the GNOME desktop. It allows you to import photos from your camera or disk, organize them by date and subject matter, even ratings. It also offers basic photo editing, like crop, red-eye correction, color adjustments, and straighten...

AI score 2.2
Exploits 0
OpenVAS
added 2016/01/13 12:00 a.m. · 129 views

Microsoft Visual Basic ASLR Bypass Vulnerability (3124585)

This host is missing an important security update according to Microsoft Bulletin MS16-004. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 4.3 · AI score 5.2 · EPSS 0.11195
Exploits 0 · References 2
ThreatPost
added 2016/01/12 3:41 p.m. · 12 views

Microsoft Patches Six Critical Flaws with January 2016 Updates

Microsoft released a scant nine bulletins today for Patch Tuesday, but six of them are marked critical and seven can lead to remote code execution. The updates, which address 25 vulnerabilities, will be the last many who run Internet Explorer 8, 9, and 10 will receive unless they elect to update t...

AI score 8.3
Exploits 0 · References 10
NVD
added 2015/12/21 11:59 a.m. · 25 views

CVE-2015-7937

Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data...

CVSS 10 · AI score 8.3 · EPSS 0.07351
Exploits 1 · References 3
Prion
added 2015/12/21 11:59 a.m. · 17 views

Stack overflow

Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data...

CVSS 10 · AI score 9 · EPSS 0.07351
Exploits 1 · References 3
Positive Technologies
added 2015/12/21 12:00 a.m. · 8 views

PT-2015-2899 · Schneider Electric +1 · Modicon M340 PLC +1

Name of the Vulnerable Software and Affected Versions: Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices (affected versions not specified). Description: The issue is caused by a stack-based buffer overflow in the GoAhead Web Server, allowing remote attackers to execute arbitrary code via ...

CVSS 10 · AI score 8.7 · EPSS 0.07351
Exploits 1 · References 5
Kitploit
added 2015/12/11 10:46 p.m. · 20 views

Joomlavs - A Black Box, Joomla Vulnerability Scanner

JoomlaVS is a Ruby application that helps automate assessing how vulnerable a Joomla installation is to exploitation. It supports basic fingerprinting and can scan for vulnerabilities in components, modules and templates, as well as vulnerabilities that exist within Joomla itself. How to insta...

AI score 7.8
Exploits 0 · References 1
CNVD
added 2015/12/09 12:00 a.m. · 2 views

Microsoft VBScript and JScript Scripting Engine Information Disclosure Vulnerability (CNVD-2015-08015)

Microsoft Internet Explorer (IE) is a web browser developed by Microsoft and is the default browser that comes with the Windows operating system. Microsoft VBScript, known as Visual Basic Script, is a scripting language and is also the default programming language for ASP dynamic web pages. JScript ...

CVSS 5 · AI score 6.1 · EPSS 0.23922
Exploits 1 · References 1