3 matches found
Design/Logic Flaw
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of th...
Debian DSA-2620-1 : rails - several vulnerabilities
Two vulnerabilities were discovered in Ruby on Rails, a Ruby framework for web application development. - CVE-2013-0276 The blacklist provided by the attrprotected method could be bypassed with crafted requests, having an application-specific impact. - CVE-2013-0277 In some applications, the...
CVE-2009-5121
Websense Email Security 7.1 before Hotfix 4 allows remote attackers to bypass the sender-based blacklist by using the 8BITMIME EHLO keyword in the SMTP session...