CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8041 matches found

NVD•added 2013/04/25 11:55 p.m.•39 views

CVE-2013-0175

multixml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption involvin...

7.5CVSS7.2AI score0.03727EPSS

Exploits0References5

Prion•added 2013/04/25 11:55 p.m.•26 views

Type confusion

7.5CVSS8AI score0.99449EPSS

Exploits21References5Affected Software2

Cvelist•added 2013/04/25 11:0 p.m.•45 views

CVE-2013-0175

7.2AI score0.03727EPSS

Exploits0References5

CVE•added 2013/04/25 11:0 p.m.•101 views

CVE-2013-0175

CVE-2013-0175 affects the multi_xml gem (v0.5.2) used by Grape prior to v0.2.6. The vulnerability stems from improper restriction of string casts, allowing remote object-injection and potential code execution, or DoS via nested XML entity refs, leveraging YAML type conversion or Symbol type conve...

7.5CVSS9.7AI score0.03727EPSS

Exploits0References5Affected Software1

Debian CVE•added 2013/04/25 11:0 p.m.•42 views

CVE-2013-0175

7.5CVSS6.2AI score0.03727EPSS

Exploits0

Nmap•added 2013/04/25 3:15 a.m.•214 views

http-vuln-cve2013-0156 NSE Script

Detects Ruby on Rails servers vulnerable to object injection, remote command executions and denial of service attacks. CVE-2013-0156 All Ruby on Rails versions before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 are vulnerable. This script sends 3 harmless YAML payloa...

10CVSS0.3AI score0.99449EPSS

Exploits54

Positive Technologies•added 2013/04/25 12:0 a.m.•5 views

PT-2013-2146

Name of the Vulnerable Software and Affected Versions multi xml gem version 0.5.2 Grape versions prior to 0.2.6 Description The issue allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service involving nested XML entity references. This c...

7.5CVSS6AI score0.03727EPSS

Exploits0References17

0day.today•added 2013/04/19 12:0 a.m.•72 views

SWFUpload <= (Object Injection/CSRF) Vulnerabilities

SWFUpload all versions is suffer from Object Image Injection & JavaScript Code injecton XSRF/XSS . remote attacker can include a remote Images or exec some JS code. 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1...

7.1AI score

Exploits0

Packet Storm•added 2013/04/18 12:0 a.m.•28 views

SWFUpload CSRF / XSS / Object Injection

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : 1337day.com 0 1 + Support e-mail :...

0.3AI score

Exploits0

OSV•added 2013/04/09 8:55 p.m.•11 views

CVE-2013-1800

The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption by leveraging Action Pack support for 1 YAML type...

7.5AI score

Exploits0References7

OSV•added 2013/04/09 8:55 p.m.•4 views

DEBIAN-CVE-2013-1800

7.5CVSS9.3AI score0.04952EPSS

Exploits1References1

OSV•added 2013/04/09 8:55 p.m.•4 views

DEBIAN-CVE-2013-1802

The extlib gem 0.9.15 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption by leveraging Action Pack support for 1 YAML typ...

7.5CVSS9.3AI score0.03415EPSS

Exploits1References1

NVD•added 2013/04/09 8:55 p.m.•37 views

CVE-2013-1802

7.5CVSS7.1AI score0.03415EPSS

Exploits1References4

NVD•added 2013/04/09 8:55 p.m.•35 views

CVE-2013-1800

7.5CVSS7.1AI score0.04952EPSS

Exploits1References6

NVD•added 2013/04/09 8:55 p.m.•34 views

CVE-2013-1801

The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption by leveraging Action Pack support for YAML type...

7.5CVSS7.1AI score0.0441EPSS

Exploits1References4

OSV•added 2013/04/09 8:55 p.m.•0 views

UBUNTU-CVE-2013-1800

7.5CVSS6.1AI score0.04952EPSS

Exploits1References2

UbuntuCve•added 2013/04/09 8:55 p.m.•56 views

CVE-2013-0285

The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before 1.0.3 for Ruby does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption involving...

7.5CVSS6AI score0.02312EPSS

Exploits0References1

OSV•added 2013/04/09 8:55 p.m.•5 views

UBUNTU-CVE-2013-0285

7.5CVSS6.1AI score0.02312EPSS

Exploits0References2

OSV•added 2013/04/09 8:55 p.m.•1 views

UBUNTU-CVE-2013-1802

7.5CVSS6.1AI score0.03415EPSS

Exploits1References2

Prion•added 2013/04/09 8:55 p.m.•45 views

Type confusion