Lucene search
+L

106 matches found

0day.today
0day.today
added 2016/02/18 12:0 a.m.18 views

DirectAdmin 1.491 - Cross-Site Request Forgery

Exploit for php platform in category web applications ============================================================================= Title : DirectAdmin 1.491 CSRF Vulnerability Date : 27-10-2014 updated 18-02-2016 Version : =1.491 Author : Necmettin COSKUN =@babayarisi Blog :http://ha.cker.io...

7.1AI score
Exploits0
myhack58
myhack58
added 2016/01/29 12:0 a.m.79 views

Ruby on Rails remote code execution vulnerability analysis (CVE-2 0 1 6-0 7 5 2)-vulnerability warning-the black bar safety net

If your application uses a dynamic rendering path, such as render params:id, and then unfortunately, the application currently by the presence of local file inclusion and lead to remote code execution vulnerabilities, please quickly move your Rails to update to the latest version, or for your...

4.3CVSS0.53703EPSS
Exploits2
OSV
OSV
added 2016/01/12 8:59 p.m.6 views

DEBIAN-CVE-2016-1232

The moddialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack...

7.5CVSS7.1AI score0.02183EPSS
Exploits0References1
OSV
OSV
added 2016/01/12 8:59 p.m.9 views

CVE-2016-1232

The moddialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack...

7.5CVSS7.2AI score
Exploits0References7
Debian CVE
Debian CVE
added 2016/01/12 8:0 p.m.50 views

CVE-2016-1232

The moddialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack...

7.5CVSS6AI score0.02183EPSS
Exploits0
ThreatPost
ThreatPost
added 2014/12/02 1:49 p.m.15 views

IBM Fixes Serious Code Execution Bug in Endpoint Manager Product

IBM has fixed a serious vulnerability in its Endpoint Manager product that could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. The vulnerability lies in the Endpoint Manager for Mobile Devices component of the product and the researchers who discovered...

2.1AI score
Exploits0References2
Prion
Prion
added 2014/01/02 2:59 p.m.10 views

Code injection

config/initializers/secrettoken.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secrettoken value, which makes it easier for remote attackers to spoof signed cookies by referring to the key in the source code...

5CVSS7.1AI score0.02424EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2014/01/02 11:0 a.m.20 views

CVE-2013-7222

config/initializers/secrettoken.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secrettoken value, which makes it easier for remote attackers to spoof signed cookies by referring to the key in the source code...

6.5AI score0.02424EPSS
Exploits1References6
OpenVAS
OpenVAS
added 2013/12/30 12:0 a.m.20 views

SuSE Update for Fixes openSUSE-SU-2013:1954-1 (Fixes)

Check for the Version of Fixes OpenVAS Vulnerability Test $Id: gbsuse201319541.nasl 8045 2017-12-08 08:39:37Z santu $ SuSE Update for Fixes openSUSE-SU-2013:1954-1 Fixes Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is...

7.2CVSS6.4AI score0.00481EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2013/12/30 12:0 a.m.25 views

SuSE Update for Fixes openSUSE-SU-2013:1952-1 (Fixes)

Check for the Version of Fixes OpenVAS Vulnerability Test $Id: gbsuse201319521.nasl 8466 2018-01-19 06:58:30Z teissa $ SuSE Update for Fixes openSUSE-SU-2013:1952-1 Fixes Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is...

7.2CVSS6.4AI score0.00481EPSS
Exploits1References1
OPENSUSE Linux
OPENSUSE Linux
added 2013/12/25 6:10 p.m.32 views

Fixes a local vulnerability (important)

Fixed CVE-2013-3709: make the secret token file secrettoken.rb readable only for the webyast user to avoid forging the session cookie bnc851116 reported by joernchen of Phenoelit...

7.2CVSS1.1AI score0.00481EPSS
Exploits1References1
OPENSUSE Linux
OPENSUSE Linux
added 2013/12/25 6:4 p.m.28 views

Fixes a local vulnerability (important)

Fixed CVE-2013-3709: make the secret token file secrettoken.rb readable only for the webyast user to avoid forging the session cookie bnc851116...

7.2CVSS1.2AI score0.00481EPSS
Exploits1References1
NVD
NVD
added 2013/12/23 11:55 p.m.27 views

CVE-2013-3709

WebYaST 1.3 uses weak permissions for config/initializers/secrettoken.rb, which allows local users to gain privileges by reading the Rails secret token from this file...

7.2CVSS6.3AI score0.00481EPSS
Exploits1References7
Cvelist
Cvelist
added 2013/12/23 11:0 p.m.33 views

CVE-2013-3709

WebYaST 1.3 uses weak permissions for config/initializers/secrettoken.rb, which allows local users to gain privileges by reading the Rails secret token from this file...

6.2AI score0.00481EPSS
Exploits1References7
Packet Storm
Packet Storm
added 2013/08/11 12:0 a.m.49 views

Ruby on Rails Known Secret Session Cookie Remote Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 NullSe...

0.2AI score
Exploits0
Metasploit
Metasploit
added 2013/07/26 6:23 p.m.66 views

Ruby on Rails Known Secret Session Cookie Remote Code Execution

This module implements Remote Command Execution on Ruby on Rails applications. Prerequisite is knowledge of the "secrettoken" Rails 2/3 or "secretkeybase" Rails 4. The values for those can be usually found in the file "RAILSROOT/config/initializers/secrettoken.rb". The module achieves RCE by...

7.5CVSS0.99449EPSS
Exploits21
The Hacker News
The Hacker News
added 2013/05/29 3:16 p.m.9 views

Hacking PayPal accounts to steal user Private data

If you're making a lot of money and you want to keep records of your transactions, then using PayPal's Reporting system you can effectively measure and manage your business. Nir Goldshlager, founder of Breaksec and Security Researcher reported critical flaws in Paypal Reporting system that allowe...

6.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/01/30 12:0 a.m.15 views

Well-Known Ruby on Rails Secret Token Used on Remote Application

Binary data rubyonrailsknownsecret.nbin...

7.3AI score
Exploits0References3
OSV
OSV
added 2013/01/04 4:46 a.m.10 views

CVE-2012-6497

The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe findbyid method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secrettoken value, as...

7.2AI score
Exploits0References7
OSV
OSV
added 2013/01/04 4:46 a.m.7 views

DEBIAN-CVE-2012-6497

The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe findbyid method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secrettoken value, as...

5CVSS8AI score0.02737EPSS
Exploits1References1
Rows per page
Query Builder