rubygem-actionpack: unsafe query generation risk (incomplete fix for CVE-2013-0155)
actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query...
PT-2026-28191
Name of the Vulnerable Software and Affected Versions Plack::Middleware::Session::Cookie versions through 0.21 Description Plack::Middleware::Session::Cookie versions through 0.21 allows remote code execution. The issue occurs during deserialization of cookie data when no secret is used to sign t...
CVE-2013-2030
keystone/middleware/authtoken.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova...
Oracle Fusion Middleware Web Services Component Remote Information Disclosure
The remote host is affected by an information disclosure vulnerability that is related to the 'ScriptServlet' class in the Web Services Test Page. This vulnerability can be triggered via a specially crafted query with a directory traversal string. © Tenable Network Security, Inc...
Moderate: Red Hat Security Advisory: Red Hat JBoss Operations Network 3.2.0 update
Red Hat JBoss Operations Network 3.2.0, which fixes multiple security issues and several bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, whi...
Oracle Fusion Middleware Oracle Outside In Technology Unspecified Code Execution Vulnerability
CVE ID: CVE-2013-5763. Oracle Fusion Middleware is a fusion middleware product developed by Oracle. The Oracle Outside In Technology component of Oracle Fusion Middleware contains an unspecified security vulnerability that allows remote attackers to execute arbitrary code in the context of the application; the vulnerability is related to Outside In Maintenance. This vulnerability was originally mapped in error to CVE-2013-3624. Oracle Fusion Middleware 8.4.0. Vendor patch: Oracle ----- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's homepage:...
CVE-2013-5763
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Maintenance. NOTE: the original disclosure of this issue erroneously mapped it to...
CVE-2013-5763
CVE-2013-5763 corresponds to a stack-based buffer overflow in the Oracle Outside In Technology OS/2 Metafile Parser. The vulnerability can be triggered by processing a crafted file, potentially allowing a remote attacker to execute arbitrary code with the privileges of the vulnerable application....
CVE-2013-6417
actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query...
UBUNTU-CVE-2013-6417
actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query...
CVE-2013-6417
The CVE-2013-6417 issue affects Ruby on Rails’ ActionPack (lib/action_dispatch/http/request.rb) where differences in parameter handling between Active Record and the JSON implementation allow remote attackers to bypass database-query restrictions and trigger NULL checks or missing WHERE clauses b...
Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk)
Due to the way that Rack::Request and Rails::Request interact, it is possible for a 3rd party or custom rack middleware to parse the parameters insecurely and store them in the same key that Rails uses for its own parameters. In the event that happens the application will receive unsafe parameter...
Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk)
The prior fix to CVE-2013-0155 was incomplete and the use of common 3rd party libraries can accidentally circumvent the protection. Due to the way that Rack::Request and Rails::Request interact, it is possible for a 3rd party or custom rack middleware to parse the parameters insecurely and store...
IT-Grundschutz M4.287: Secure Administration of the VoIP Middleware
IT-Grundschutz M4.287: Secure administration of the VoIP middleware. ATTENTION: This test is no longer supported. It has been replaced by the corresponding test, which is now permanently kept up to date with the current EL: OID 1.3.6.1.4.1.25623.1.0.94226 Status: 13th supplementary delivery (13. EL). OpenVAS...