19 matches found
EUVD-2011-0004
Malware in sbrugna...
Cross-site request forgery in Django
Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery CSRF attacks via forged AJAX requests that leverage a "combination of browser plugins...
Fedora Update for rubygem-actionpack FEDORA-2011-11567
Check for the Version of rubygem-actionpack OpenVAS Vulnerability Test Fedora Update for rubygem-actionpack FEDORA-2011-11567 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
Fedora Update for rubygem-actionpack FEDORA-2011-11567
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Debian: Security Advisory (DSA-2247-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 2247-1] rails security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2247-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst May 31, 2011 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2247-1] rails security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2247-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst May 31, 2011 http://www.debian.org/security/faq -...
Ruby on Rails跨站脚本执行及跨站请求伪造漏洞
BUGTRAQ ID: 46291 CVE ID: CVE-2011-0446,CVE-2011-0447 Ruby on Rails简称RoR或Rails,是一个使用Ruby语言写的开源Web应用框架,它是严格按照MVC结构开发的。 Ruby on Rails在实现上存在跨站脚本执行和跨站请求伪造漏洞,攻击者可利用跨站脚本执行漏洞在受影响浏览器中执行任意脚本代码,窃取Cookie验证凭证。 Ruby on Rails Ruby on Rails 3.x Ruby on Rails Ruby on Rails 2.x Ruby on Rails Ruby on Rails 1.x 厂商补...
Fedora 15 : rubygem-actionmailer-3.0.5-1.fc15 / rubygem-actionpack-3.0.5-1.fc15 / etc (2011-4358)
Update to the Rails 3.0.5 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenabl...
Fedora Update for rubygem-actionpack FEDORA-2011-2138
Check for the Version of rubygem-actionpack OpenVAS Vulnerability Test Fedora Update for rubygem-actionpack FEDORA-2011-2138 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
Fedora Update for rubygem-actionpack FEDORA-2011-2133
Check for the Version of rubygem-actionpack OpenVAS Vulnerability Test Fedora Update for rubygem-actionpack FEDORA-2011-2133 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
Fedora Update for rubygem-actionpack FEDORA-2011-2138
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora Update for rubygem-actionpack FEDORA-2011-2133
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora 13 : rubygem-actionpack-2.3.5-4.fc13 (2011-2138)
Security fixes CVE-2011-0446, CVE-2011-0447. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora 14 : rubygem-actionpack-2.3.8-3.fc14 (2011-2133)
Security fixes CVE-2011-0446, CVE-2011-0447. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Cross site request forgery (csrf)
Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery CSRF attacks via forged AJAX requests that leverage a "combination of browser plugins...
CVE-2011-0447
Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery CSRF attacks via forged 1 AJAX or 2 API requests that...
CVE-2011-0447
CVE-2011-0447: Ruby on Rails 2.1.x–2.3.x before 2.3.11 and 3.x before 3.0.4 fail to properly validate an X-Requested-With header in HTTP requests, enabling remote attackers to perform CSRF via forged AJAX or API requests that leverage browser plugins and redirects. Affected versions include Rails...
CVE-2011-0447
Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery CSRF attacks via forged 1 AJAX or 2 API requests that...