119 matches found
USN-4787-1: jq vulnerability
It was discovered that jq did not perform sufficient bounds checking, resulting in unbounded resource consumption. An attacker could use this vulnerability to cause a denial of service...
Debian: Security Advisory (DLA-2342-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-2342-1 : libjackson-json-java security update
Several vulnerabilities were fixed in libjackson-json-java, a Java JSON processor. CVE-2017-7525 Jackson Deserializer security vulnerability. CVE-2017-15095 Block more JDK types from polymorphic deserialization. CVE-2019-10172 XML external entity vulnerabilities. For Debian 9 stretch, these...
[SECURITY] [DLA 2342-1] libjackson-json-java security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2342-1 [email protected] https://www.debian.org/lts/security/ August 24, 2020 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package...
Ruby on Rails ActionPack Inline ERB - Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Ruby on Rails ActionPack Inline ERB Code Execution', 'Description' = %q This module exploits a remote code execution...
Ruby on Rails ActionPack Inline ERB - Code Execution (Metasploit)
Exploit for ruby platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Ruby on Rails ActionPack Inline ERB Code Execution', 'Description' = %q...
Ruby on Rails ActionPack Inline ERB Code Execution
This module exploits a remote code execution vulnerability in the inline request processor of the Ruby on Rails ActionPack component. This vulnerability allows an attacker to process ERB to the inline JSON processor, which is then rendered, permitting full RCE within the runtime, without logging ...
Moderate: Red Hat Security Advisory: jq security update
An update for jq is now available for Red Hat OpenStack Platform 8.0 Liberty. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Moderate: Red Hat Security Advisory: jq security update
An update for jq is now available for Red Hat Enterprise Linux OpenStack Platform 6.0 Juno for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...
Moderate: Red Hat Security Advisory: jq security update
An update for jq is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 Kilo for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...
Ruby on Rails JSON Processor YAML Deserialization Code Execution - Ver2 (CVE-2013-0333)
A code execution vulnerability has been reported in Ruby on Rails. The vulnerability is due to an input validation error when JSON Processor deserializes YAML. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary code within the context of the underlying web serve...
Ruby on Rails JSON Processor Floating Point Heap Overflow DoS
When Ruby attempts to convert a string representation of a large floating point decimal number to its floating point equivalent, a heap-based buffer overflow can be triggered. This module has been tested successfully on a Ruby on Rails application using Ruby version 1.9.3-p448 with WebRick and Th...
Ruby on Rails JSON Processor YAML Deserialization Code Execution (CVE-2013-0333)
A code execution vulnerability has been reported in Ruby on Rails. The vulnerability is due to an input validation error when JSON Processor deserializes YAML. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary code within the context of the underlying web serve...
Ruby on Rails JSON Processor YAML Deserialization Scanner
This module attempts to identify Ruby on Rails instances vulnerable to an arbitrary object instantiation flaw in the JSON request processor. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ruby...
Fedora 17 : rubygem-activesupport-3.0.11-8.fc17 (2013-1710)
Fixes CVE-2013-0333. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...
Ruby on Rails JSON Processor YAML Deserialization Code Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
Ruby on Rails JSON Processor YAML Deserialization Code Execution
Exploit for multiple platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core...
Ruby on Rails JSON Processor YAML Deserialization Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Ruby on Rails JSON Processor YAML...
Ruby on Rails - JSON Processor YAML Deserialization Code Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Ruby on Rails JSON Processor YAML...