
453 matches found

w3af
added 2013/06/10 11:2 p.m., 21 views

analyze_cookies

This plugin greps every response for session cookies that the web application sends to the client, and analyzes them in order to identify potential vulnerabilities, the remote web application framework and other interesting information. Plugin type: Grep. Options: This plugin doesn't have any user...

Exploits: 0
seebug.org
added 2013/06/06 12:0 a.m., 12 views

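Struts 2.3.14.2 command execution vulnerability

Apache Struts is an open-source project providing a web application framework based on Java Servlets, JavaBeans and JavaServer Pages (JSP). Struts follows the Model-View-Controller (MVC) design pattern and can be used to build complex web applications. In Apache Struts versions before 2.3.14.3 (exclusive), the fuzzy matching of Action names can be used to trigger a command execution attack. Struts 2.3.14.3...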

7.1 AI score
Exploits: 0
seebug.org
added 2013/03/07 12:0 a.m., 78 views

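Ruby on Rails remote code execution vulnerability (CVE-2013-0277)

BUGTRAQ ID: 57898 CVE(CAN) ID: CVE-2013-0277 Ruby on Rails, RoR or Rails for short, is an open-source web application framework written in Ruby and developed strictly according to the MVC structure. Active Record in Ruby on Rails 3.x and 2.3.x allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes, which cause the +serialize+ helper to deserialize arbitrary YAML. 0 Ruby on Rails 3.2.x Ruby on Rails 3.1.x Ruby on Rails 2.3.x Vendor patch: Ruby on Rails...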

10 CVSS, 0.2 AI score, 0.06742 EPSS
Exploits: 1
Saint
added 2013/02/15 12:0 a.m., 105 views

Ruby on Rails XML Processor YAML Deserialization

Added: 02/15/2013 CVE: CVE-2013-0156 BID: 57187 OSVDB: 89026 Background Ruby on Rails is a full stack, Web application framework optimized for sustainable programming productivity, allowing writing sound code by favoring convention over configuration. Problem Ruby on Rails versions prior to 2.3.1...

7.5 CVSS, 7.7 AI score, 0.91907 EPSS
Exploits: 21
NVD
added 2013/01/17 1:55 a.m., 17 views

CVE-2013-0381

Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Application Framework...

6.4 CVSS, 5.5 AI score, 0.00397 EPSS
Exploits: 0, References: 4
Prion
added 2013/01/17 1:55 a.m., 16 views

Design/Logic Flaw

Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Application Framework...

6.4 CVSS, 6.1 AI score, 0.00397 EPSS
Exploits: 0, References: 4, Affected Software: 1
CVE
added 2013/01/17 1:30 a.m., 41 views

CVE-2013-0381

Technical details for CVE-2013-0381 are not publicly available in the provided documents; no affected products, vectors, or mitigations are specified. Monitor for updates from official advisories.

6.4 CVSS, 5.7 AI score, 0.00397 EPSS
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2013/01/17 1:30 a.m., 19 views

CVE-2013-0381

Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Application Framework...

5.5 AI score, 0.00397 EPSS
Exploits: 0, References: 4
0day.today
added 2013/01/17 12:0 a.m., 87 views

Oracle Application Framework Diagnostic Mode Bypass Vulnerability

Exploit for jsp platform in category web applications Oracle Application Framework Diagnostic Mode Bypass Vulnerability Published: 1/15/2013 Version: 1.0 Vendor: Oracle www.oracle.com Product: Oracle Application Framework Version affected: 11.5.10.2, 12.0.6, 12.1.3 Product description: The Oracle...

7.1 AI score, 0.2994 EPSS
Exploits: 5
Packet Storm
added 2013/01/16 12:0 a.m., 64 views

Oracle Application Framework Diagnostic Mode Bypass

Trustwave SpiderLabs Security Advisory TWSL2012-023: Oracle Application Framework Diagnostic Mode Bypass Vulnerability Published: 1/15/2013 Version: 1.0 Vendor: Oracle www.oracle.com Product: Oracle Application Framework Version affected: 11.5.10.2, 12.0.6, 12.1.3 Product description: The Oracle...

6.4 CVSS, 0.2994 EPSS
Exploits: 5
Exploit DB
added 2013/01/16 12:0 a.m., 60 views

Oracle Application Framework - Diagnostic Mode Bypass

Trustwave SpiderLabs Security Advisory TWSL2012-023: Oracle Application Framework Diagnostic Mode Bypass Vulnerability Published: 1/15/2013 Version: 1.0 Vendor: Oracle www.oracle.com Product: Oracle Application Framework Version affected: 11.5.10.2, 12.0.6, 12.1.3 Product description: The Oracle...

6.4 CVSS, 6.5 AI score, 0.2994 EPSS
Exploits: 5
exploitpack
added 2013/01/16 12:0 a.m., 51 views

Oracle Application Framework - Diagnostic Mode Bypass

Oracle Application Framework - Diagnostic Mode Bypass Trustwave SpiderLabs Security Advisory TWSL2012-023: Oracle Application Framework Diagnostic Mode Bypass Vulnerability Published: 1/15/2013 Version: 1.0 Vendor: Oracle www.oracle.com Product: Oracle Application Framework Version affected:...

6.4 CVSS, 0.2994 EPSS
Exploits: 5
0day.today
added 2013/01/11 12:0 a.m., 113 views

Ruby On Rails XML Processor YAML Deserialization Code Execution

This Metasploit module exploits a remote code execution vulnerability in the XML request processor of the Ruby on Rails application framework. This vulnerability allows an attacker to instantiate a remote object, which in turn can be used to execute any ruby code remotely in the context of the...

7.5 CVSS, 0.3 AI score, 0.91907 EPSS
Exploits: 21
ThreatPost
added 2013/01/10 3:1 p.m., 40 views

Exploit Code, Metasploit Module Out for Ruby on Rails Flaws

Just two days after the disclosure of a string of serious vulnerabilities in Ruby on Rails, researchers have released proof-of-concept exploit code for a couple of the flaws and the team at Metasploit have released a module for the penetration testing framework that exploits one of the bugs, as...

7.5 CVSS, 0.5 AI score, 0.91907 EPSS
Exploits: 21, References: 5
Metasploit
added 2013/01/10 5:10 a.m., 100 views

Ruby on Rails XML Processor YAML Deserialization Code Execution

This module exploits a remote code execution vulnerability in the XML request processor of the Ruby on Rails application framework. This vulnerability allows an attacker to instantiate a remote object, which in turn can be used to execute any ruby code remotely in the context of the application...

7.5 CVSS, 9.9 AI score, 0.91907 EPSS
Exploits: 21
seebug.org
added 2012/12/28 12:0 a.m., 43 views

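Ruby on Rails Authlogic gem SQL injection vulnerability

CVE ID: CVE-2012-5664 Ruby on Rails is a web application framework built on the Ruby language. The AuthLogic gem implementation contains a SQL injection vulnerability: if a Ruby on Rails application uses the AuthLogic gem for authentication and the attacker has access to the Rails application's private key, security restrictions can be bypassed to gain unauthorized access. 0 Ruby on Rails Vendor patch: Ruby on Rails ---------- No detailed solution is currently available: http://rubygems.org/gems/authlogic...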

0.5 AI score
Exploits: 2
0day.today
added 2012/10/23 12:0 a.m., 32 views

Bitweaver 2.8.1 Multiple Vulnerabilities

Finding 1: Local File Inclusion Vulnerability CVE: CVE-2012-5192 Finding 2: Multiple XSS Vulnerabilities in Bitweaver CVE: CVE-2012-5193 Trustwave SpiderLabs Security Advisory TWSL2012-016: Multiple Vulnerabilities in Bitweaver Published: 10/23/2012 Version: 1.0 Vendor: Bitweaver...

6.5 AI score, 0.5826 EPSS
Exploits: 10
seebug.org
added 2012/10/23 12:0 a.m., 38 views

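Ruby local file creation vulnerability (CVE-2012-4522)

Bugtraq ID: 56115 CVE ID: CVE-2012-4522 Ruby on Rails is a web application framework built on the Ruby language. Ruby's file creation functions contain a security vulnerability that allows attackers to create malicious files by injecting illegal NULs into file paths. 0 Yukihiro Matsumoto Ruby 1.9.3 dev Yukihiro Matsumoto Ruby 1.9.2 RC2 Yukihiro Matsumoto Ruby 1.9.2 P180 Yukihiro Matsumoto Ruby 1.9.2 P136 Yukihiro Matsumoto Ruby 1.9.2 P0...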

5 CVSS, 0.1 AI score, 0.00219 EPSS
Exploits: 1
OpenVAS
added 2012/08/30 12:0 a.m., 19 views

Fedora Update for php-symfony-symfony FEDORA-2012-8966

Check for the Version of php-symfony-symfony OpenVAS Vulnerability Test Fedora Update for php-symfony-symfony FEDORA-2012-8966 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/o...

4.3 CVSS, 6.4 AI score, 0.00516 EPSS
Exploits: 0, References: 2
OSV
added 2012/07/12 8:55 p.m., 3 views

CVE-2012-0215

model/modelstorage.py in the Tryton application framework trytond before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) cop...

6.1 AI score
Exploits: 0, References: 5