Lucene search
K

111 matches found

CVE
CVE
added 2017/08/09 6:0 p.m.107 views

CVE-2015-1820

The CVE-2015-1820 vulnerability affects the RubyGem rest-client (REST client for Ruby) up to version 1.8.0, where Set-Cookie headers in HTTP 30x redirects can be reused by an attacker to hijack a user session or access cookies. The connected documents corroborate this issue across multiple source...

9.8CVSS9AI score0.04345EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2017/08/09 6:0 p.m.44 views

CVE-2015-1820

REST client for Ruby aka rest-client before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect...

9.8CVSS9.3AI score0.04345EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/07/14 12:0 a.m.35 views

Fedora 23 : rubygem-rest-client (2015-8dce7405bf)

Update to rest-client 1.8.0. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...

9.8CVSS8AI score0.04345EPSS
Exploits0References3
Kitploit
Kitploit
added 2016/04/27 10:30 p.m.29 views

Whitewidow - SQL Vulnerability Scanner

Whitewidow is an open source automated SQL vulnerability scanner, that is capable of running through a file list, or can scrape Google for potential vulnerable websites. It allows automatic file formatting, random user agents, IP addresses, server information, multiple SQL injection syntax, and a...

8.2AI score
Exploits0References1
n0where
n0where
added 2016/04/19 7:34 p.m.16 views

Automated SQL Vulnerability Scanner: Whitewidow

Open Source Automated SQL Vulnerability Scanner Whitewidow is an open source automated SQL vulnerability scanner, that is capable of running through a file list, or can scrape Google for potential vulnerable websites. It allows automatic file formatting, random user agents, IP addresses, server...

0.4AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2015/06/16 12:28 p.m.3 views

rubygem-rest-client: unsanitized application logging

REST client for Ruby aka rest-client before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log...

2.1CVSS7.2AI score0.00373EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/06/16 12:28 p.m.10 views

rubygem-rest-client: session fixation vulnerability Set-Cookie headers present in an HTTP 30x redirection responses

REST client for Ruby aka rest-client before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect...

9.8CVSS7.4AI score0.04345EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2015/06/02 12:0 a.m.43 views

FreeBSD : rest-client -- session fixation vulnerability (83a7a720-07d8-11e5-9a28-001e67150279)

Andy Brody reports : When Ruby rest-client processes an HTTP redirection response, it blindly passes along the values from any Set-Cookie headers to the redirection target, regardless of domain, path, or expiration. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

9.8CVSS8.2AI score0.04345EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2015/06/02 12:0 a.m.30 views

FreeBSD : rest-client -- plaintext password disclosure (ffe2d86c-07d9-11e5-9a28-001e67150279)

The open sourced vulnerability database reports : REST Client for Ruby contains a flaw that is due to the application logging password information in plaintext. This may allow a local attacker to gain access to password information. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

2.1CVSS7.9AI score0.00373EPSS
Exploits0References4
OSV
OSV
added 2015/05/15 6:23 p.m.12 views

MGASA-2015-0227 Updated ruby-rest-client packages fix security vulnerabilities

Updated ruby-rest-client packages fix security vulnerability: When Ruby rest-client processes an HTTP redirection response, it blindly passes along the values from any Set-Cookie headers to the redirection target, regardless of domain, path, or expiration. This can be used in a session fixation...

9.8CVSS7.7AI score0.04345EPSS
Exploits0References5
Mageia
Mageia
added 2015/05/15 6:23 p.m.53 views

Updated ruby-rest-client packages fix security vulnerabilities

Updated ruby-rest-client packages fix security vulnerability: When Ruby rest-client processes an HTTP redirection response, it blindly passes along the values from any Set-Cookie headers to the redirection target, regardless of domain, path, or expiration. This can be used in a session fixation...

9.8CVSS9.3AI score0.04345EPSS
Exploits0References4
CNVD
CNVD
added 2015/04/30 12:0 a.m.7 views

Ruby REST Client Information Disclosure Vulnerability

Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Japanese software developer Yukihiro Matsumoto.REST Client aka rest-client is one of the simple HTTP and REST client. A security vulnerability exists in Ruby REST Client versions prior to 1.7.3. Since t...

2.1CVSS6.4AI score0.00373EPSS
Exploits0References1
OSV
OSV
added 2015/04/29 8:59 p.m.10 views

CVE-2015-3448

REST client for Ruby aka rest-client before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log...

7.1AI score
Exploits0References4
NVD
NVD
added 2015/04/29 8:59 p.m.25 views

CVE-2015-3448

REST client for Ruby aka rest-client before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log...

2.1CVSS8.6AI score0.00373EPSS
Exploits0References4
OSV
OSV
added 2015/04/29 8:59 p.m.2 views

DEBIAN-CVE-2015-3448

REST client for Ruby aka rest-client before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log...

2.1CVSS9AI score0.00373EPSS
Exploits0References1
OSV
OSV
added 2015/04/29 8:59 p.m.6 views

UBUNTU-CVE-2015-3448

REST client for Ruby aka rest-client before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log...

2.1CVSS7.1AI score0.00373EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2015/04/29 8:59 p.m.25 views

CVE-2015-3448

REST client for Ruby aka rest-client before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log...

2.1CVSS7.1AI score0.00373EPSS
Exploits0References3
Prion
Prion
added 2015/04/29 8:59 p.m.30 views

Cross site request forgery (csrf)

REST client for Ruby aka rest-client before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log...

2.1CVSS6.1AI score0.00373EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2015/04/29 8:0 p.m.26 views

CVE-2015-3448

REST client for Ruby aka rest-client before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log...

8.7AI score0.00373EPSS
Exploits0References4
CVE
CVE
added 2015/04/29 8:0 p.m.104 views

CVE-2015-3448

The vulnerability CVE-2015-3448 affects the REST Client for Ruby (rest-client) prior to 1.7.3, where usernames and passwords are logged, enabling local users to read sensitive information from logs. Affected component is the rest-client Ruby library; root cause is credentials being written to log...

2.1CVSS8.4AI score0.00373EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder