11 matches found
BIT-RUBY-MIN-2021-33621
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object...
tough-cookie: prototype pollution in cookie memstore
A flaw was found in the tough-cookie package which allows Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized...
Internet Bug Bounty: Ruby's CGI library has HTTP response splitting (HTTP header injection), leaking confidential information
A vulnerability was found in Ruby's CGI library that allowed an attacker to inject a malicious HTTP response header and/or body if an application used untrusted user input to generate HTTP responses. The vulnerability was fixed in version 0.3.5, 0.2.2, and 0.1.0.2 of the cgi gem...
HTTP Response Splitting
ruby is vulnerable to http response splitting. The vulnerability exists when applications use untrusted user input either to generate an HTTP response or to create a cgi cookie object...
rubygem-cgi -- HTTP response splitting vulnerability
Hiroshi Tokumaru reports: If an application that generates HTTP responses using the cgi gem with untrusted user input, an attacker can exploit it to inject a malicious HTTP response header and/or body. Also, the contents for a CGI::Cookie object were not checked properly. If an application create...
HTTP response splitting in CGI
If an application that generates HTTP responses using the cgi gem with untrusted user input, an attacker can exploit it to inject a malicious HTTP response header and/or body. Also, the contents for a CGI::Cookie object were not checked properly. If an application creates a CGI::Cookie object bas...
CVE-2021-33621
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object...
Internet Software Sciences Web+Center 4.0.1 Cookie Object SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10771/info An SQL injection vulnerability is identified in the application that may allow attackers to pass malicious input to database queries, resulting in the modification of query logic or other attacks. This issue...
webcenterSQL.txt
Internet Software Sciences's Web+Center SQL Injection Summary Internet Software Sciences's Web+Center is "A suite of web based customer support applications including: Customer+Center Tech+Center Business+Center Pocket+Center". The Web+Center does a good job of filtering out malicious content fro...
Internet Software Sciences Web+Center 4.0.1 - Cookie Object SQL Injection
Internet Software Sciences Web+Center 4.0.1 - Cookie Object SQL Injection source: https://www.securityfocus.com/bid/10771/info An SQL injection vulnerability is identified in the application that may allow attackers to pass malicious input to database queries, resulting in the modification of que...
[NT] Internet Software Sciences's Web+Center SQL Injection
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...