6 matches found

Tenable Nessus
added 2010/03/11 12:0 a.m. | 39 views

openSUSE Security Update : rubygem-actionpack-2_3 (rubygem-actionpack-2_3-1934)

This update of rubygems fixes two vulnerabilities:
- CVE-2008-7248: CVSS v2 Base Score: 4.3. Rails CSRF protection can be bypassed by using special content-types for an HTTP request.
- CVE-2009-4214: CVSS v2 Base Score: 4.3. The method strip_tags does not completely protect against XSS attacks...

6.8 CVSS | 5 AI score | 0.0808 EPSS
Exploits 1 | References 4
Tenable Nessus
added 2010/03/04 12:0 a.m. | 35 views

openSUSE Security Update : rubygem-actionpack (rubygem-actionpack-1946)

This update of rubygems fixes two vulnerabilities:
- CVE-2008-7248: CVSS v2 Base Score: 4.3. Rails CSRF protection can be bypassed by using special content-types for an HTTP request.
- CVE-2009-4214: CVSS v2 Base Score: 4.3. The method strip_tags does not completely protect against XSS attacks...

6.8 CVSS | 5 AI score | 0.0808 EPSS
Exploits 1 | References 4
Tenable Nessus
added 2010/03/04 12:0 a.m. | 50 views

openSUSE Security Update : rubygem-actionpack (rubygem-actionpack-1946)

This update of rubygems fixes two vulnerabilities:
- CVE-2008-7248: CVSS v2 Base Score: 4.3. Rails CSRF protection can be bypassed by using special content-types for an HTTP request.
- CVE-2009-4214: CVSS v2 Base Score: 4.3. The method strip_tags does not completely protect against XSS attacks...

6.8 CVSS | 5 AI score | 0.0808 EPSS
Exploits 1 | References 4
OpenVAS
added 2009/12/30 12:0 a.m. | 61 views

Gentoo Security Advisory GLSA 200912-02 (rails)

The remote host is missing updates announced in advisory GLSA 200912-02. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

7.5 CVSS | 0.7 AI score | 0.0808 EPSS
Exploits 5
CVE
added 2009/12/16 1:0 a.m. | 96 views

CVE-2008-7248

Affected software / component: Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 in which CSRF protection relies on token verification. Vulnerability / root cause: Rails CSRF protection can be bypassed because tokens are not verified for requests with certain content types (demonstrated with ...

6.8 CVSS | 9.6 AI score | 0.0808 EPSS
Exploits 1 | References 10 | Affected Software 1
Circl
added 2009/12/14 12:0 a.m. | 8 views

CVE-2008-7248

| creationtimestamp | type | source |
|---|---|---|
| 2009-12-14 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/33402... |

6.8 CVSS | 5.7 AI score | 0.0808 EPSS
Exploits 1 | References 1