20 matches found
EUVD-2017-16347
Malware in sbrugna...
SUSE CVE-2018-16477
A bypass vulnerability in Active Storage = 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the content-disposition and content-type parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as...
Uber: Cookie Bombing cause DOS - businesses.uber.com
Cookie Bombing cause DOS on businesses.uber.com...
GHSA-7RR7-RCJW-56VJ Exposure of Sensitive Information to an Unauthorized Actor in activestorage
A bypass vulnerability in Active Storage = 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the content-disposition and content-type parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as...
CVE-2018-16477
A bypass vulnerability in Active Storage = 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the content-disposition and content-type parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as...
Design/Logic Flaw
A bypass vulnerability in Active Storage = 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the content-disposition and content-type parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as...
CVE-2018-16477
A bypass vulnerability in Active Storage = 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the content-disposition and content-type parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as...
DEBIAN-CVE-2018-16477
A bypass vulnerability in Active Storage = 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the content-disposition and content-type parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as...
CVE-2018-16477
CVE-2018-16477 describes a bypass vulnerability in Rails Active Storage (version >= 5.2.0) for Google Cloud Storage and the Disk service. The issue allows an attacker to modify the content-disposition and content-type parameters, enabling inline execution of HTML files. When combined with othe...
CVE-2018-16477
A bypass vulnerability in Active Storage = 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the content-disposition and content-type parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as...
Exposure of Sensitive Information to an Unauthorized Actor
A bypass vulnerability in Active Storage for Google Cloud Storage and Disk services allow an attacker to modify the content-disposition and content-type parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as cookie...
Ruby on Rails: ActiveStorage service's signed URLs can be hijacked via AppCache+Cookie stuffing trick when using GCS or DiskService
ActiveStorage tries to force content-disposition: attachment for a list of content-types, including text/html. However, response-content-type and response-content-disposition in GCS and DiskService's URLs aren't signed, which means an attacker can modify them at will. This is not the case for Azu...
Infogram: No Rate Limit on account deletion request(Leads to huge email flooding/email bombing)
Dear sir, At first,i want to say that this sensitive action definitely should be set with rate limit. Note:-This is about huge bombing/brute force on any endpoints. Vulnerability:- -No rate limit has been set for generating account deletion emails for accounts on above selected domain. -As there ...
MODX CMS 2.x < 2.5.5 Multiple Vulnerabilities
MODX CMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:modx:revolution"; ifdescription...
MODX Revolution 'setup/controllers/language.php' file HTTP response splitting vulnerability
MODX Revolution is a PHP-based open source content management system CMS from the U.S. company MODX. The system supports online collaboration, search engine optimization SEO, add-ons and more. A security vulnerability exists in the setup/controllers/language.php file in MODX Revolution 2.5.4-pl a...
CVE-2017-7320
setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier does not properly constrain the language parameter, which allows remote attackers to conduct Cookie-Bombing attacks and cause a denial of service cookie quota exhaustion, or conduct HTTP Response Splitting attacks with resulta...
Code injection
setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier does not properly constrain the language parameter, which allows remote attackers to conduct Cookie-Bombing attacks and cause a denial of service cookie quota exhaustion, or conduct HTTP Response Splitting attacks with resulta...
CVE-2017-7320
setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier does not properly constrain the language parameter, which allows remote attackers to conduct Cookie-Bombing attacks and cause a denial of service cookie quota exhaustion, or conduct HTTP Response Splitting attacks with resulta...
CVE-2017-7320
setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier does not properly constrain the language parameter, which allows remote attackers to conduct Cookie-Bombing attacks and cause a denial of service cookie quota exhaustion, or conduct HTTP Response Splitting attacks with resulta...
CVE-2017-7320
MODX Revolution 2.5.4-pl and earlier are affected by a vulnerability in setup/controllers/language.php where the language parameter is not properly constrained. An attacker can supply an invalid value to trigger a Cookie-Bombing denial of service (cookie quota exhaustion) and can also perform HTT...