106 matches found
DirectAdmin 1.491 - Cross-Site Request Forgery
Exploit for php platform in category web applications ============================================================================= Title : DirectAdmin 1.491 CSRF Vulnerability Date : 27-10-2014 updated 18-02-2016 Version : =1.491 Author : Necmettin COSKUN =@babayarisi Blog :http://ha.cker.io...
Ruby on Rails remote code execution vulnerability analysis (CVE-2 0 1 6-0 7 5 2)-vulnerability warning-the black bar safety net
If your application uses a dynamic rendering path, such as render params:id, and then unfortunately, the application currently by the presence of local file inclusion and lead to remote code execution vulnerabilities, please quickly move your Rails to update to the latest version, or for your...
DEBIAN-CVE-2016-1232
The moddialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack...
CVE-2016-1232
The moddialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack...
CVE-2016-1232
The moddialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack...
IBM Fixes Serious Code Execution Bug in Endpoint Manager Product
IBM has fixed a serious vulnerability in its Endpoint Manager product that could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. The vulnerability lies in the Endpoint Manager for Mobile Devices component of the product and the researchers who discovered...
Code injection
config/initializers/secrettoken.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secrettoken value, which makes it easier for remote attackers to spoof signed cookies by referring to the key in the source code...
CVE-2013-7222
config/initializers/secrettoken.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secrettoken value, which makes it easier for remote attackers to spoof signed cookies by referring to the key in the source code...
SuSE Update for Fixes openSUSE-SU-2013:1954-1 (Fixes)
Check for the Version of Fixes OpenVAS Vulnerability Test $Id: gbsuse201319541.nasl 8045 2017-12-08 08:39:37Z santu $ SuSE Update for Fixes openSUSE-SU-2013:1954-1 Fixes Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is...
SuSE Update for Fixes openSUSE-SU-2013:1952-1 (Fixes)
Check for the Version of Fixes OpenVAS Vulnerability Test $Id: gbsuse201319521.nasl 8466 2018-01-19 06:58:30Z teissa $ SuSE Update for Fixes openSUSE-SU-2013:1952-1 Fixes Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is...
Fixes a local vulnerability (important)
Fixed CVE-2013-3709: make the secret token file secrettoken.rb readable only for the webyast user to avoid forging the session cookie bnc851116 reported by joernchen of Phenoelit...
Fixes a local vulnerability (important)
Fixed CVE-2013-3709: make the secret token file secrettoken.rb readable only for the webyast user to avoid forging the session cookie bnc851116...
CVE-2013-3709
WebYaST 1.3 uses weak permissions for config/initializers/secrettoken.rb, which allows local users to gain privileges by reading the Rails secret token from this file...
CVE-2013-3709
WebYaST 1.3 uses weak permissions for config/initializers/secrettoken.rb, which allows local users to gain privileges by reading the Rails secret token from this file...
Ruby on Rails Known Secret Session Cookie Remote Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 NullSe...
Ruby on Rails Known Secret Session Cookie Remote Code Execution
This module implements Remote Command Execution on Ruby on Rails applications. Prerequisite is knowledge of the "secrettoken" Rails 2/3 or "secretkeybase" Rails 4. The values for those can be usually found in the file "RAILSROOT/config/initializers/secrettoken.rb". The module achieves RCE by...
Hacking PayPal accounts to steal user Private data
If you're making a lot of money and you want to keep records of your transactions, then using PayPal's Reporting system you can effectively measure and manage your business. Nir Goldshlager, founder of Breaksec and Security Researcher reported critical flaws in Paypal Reporting system that allowe...
Well-Known Ruby on Rails Secret Token Used on Remote Application
Binary data rubyonrailsknownsecret.nbin...
CVE-2012-6497
The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe findbyid method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secrettoken value, as...
DEBIAN-CVE-2012-6497
The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe findbyid method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secrettoken value, as...