Lucene search
K

19 matches found

Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.206 views

Ruby on Rails Action View MIME Memory Exhaustion

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ruby on Rails Action View MIME Memory Exhaustion', 'Description' = %q This module exploits a Denial of Service DoS condition in Action View that...

5CVSS6.9AI score0.207EPSS
Exploits2
OpenVAS
OpenVAS
added 2015/03/06 12:0 a.m.44 views

Fedora Update for rubygem-actionpack FEDORA-2014-15371

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.2AI score0.53703EPSS
Exploits5References4
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.52 views

openSUSE Security Update : rubygem-actionpack-3_2 (openSUSE-SU-2013:1907-1)

fix CVE-2013-4491: rubygem-actionpack: i18n missing translation XSS bnc853625. File CVE-2013-4491.patch contains the patch - fix CVE-2013-6414: rubygem-actionpack: Action View DoS bnc853633. File CVE-2013-6414.patch contains the patch. - fix CVE-2013-6415: rubygem-actionpack: numbertocurrency XSS...

6.4CVSS7.1AI score0.207EPSS
Exploits3References10
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.54 views

openSUSE Security Update : rubygem-actionpack-3_2 (openSUSE-SU-2013:1904-1)

fix CVE-2013-4491: rubygem-actionpack: i18n missing translation XSS bnc853625. File CVE-2013-4491.patch contains the patch - fix CVE-2013-6414: rubygem-actionpack: Action View DoS bnc853633. File CVE-2013-6414.patch contains the patch. - fix CVE-2013-6415: rubygem-actionpack: numbertocurrency XSS...

6.4CVSS7.1AI score0.207EPSS
Exploits3References10
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.58 views

openSUSE Security Update : rubygem-actionpack-3_2 (openSUSE-SU-2014:0009-1)

This update fixes the following security issues with rubygem-actionpack-32 : - fix CVE-2013-4389: rubygem-actionmailer-31: possible DoS vulnerability in the log subscriber component bnc846239 File CVE-2013-4389.patch contains the fix. - fix CVE-2013-4491: rubygem-actionpack: i18n missing...

6.4CVSS7.3AI score0.207EPSS
Exploits4References12
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.56 views

openSUSE Security Update : rubygem-actionpack-3_2 (openSUSE-SU-2013:1906-1)

fix CVE-2013-4491: rubygem-actionpack: i18n missing translation XSS bnc853625. File CVE-2013-4491.patch contains the patch - fix CVE-2013-6414: rubygem-actionpack: Action View DoS bnc853633. File CVE-2013-6414.patch contains the patch. - fix CVE-2013-6415: rubygem-actionpack: numbertocurrency XSS...

6.4CVSS7.1AI score0.207EPSS
Exploits3References10
OpenVAS
OpenVAS
added 2014/05/26 12:0 a.m.46 views

Fedora Update for rubygem-actionpack FEDORA-2014-6127

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.2AI score0.53703EPSS
Exploits5References4
OpenVAS
OpenVAS
added 2014/05/26 12:0 a.m.51 views

Fedora Update for rubygem-actionpack FEDORA-2014-6098

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.2AI score0.53703EPSS
Exploits4References4
securityvulns
securityvulns
added 2014/05/04 12:0 a.m.101 views

[SECURITY] [DSA 2888-1] ruby-actionpack-3.2 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2888-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 27, 2014 http://www.debian.org/security/faq -...

6.4CVSS1.6AI score0.207EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2014/03/28 12:0 a.m.53 views

Debian DSA-2888-1 : ruby-actionpack-3.2 - security update

Toby Hsieh, Peter McLarnan, Ankit Gupta, Sudhir Rao and Kevin Reintjes discovered multiple cross-site scripting and denial of service vulnerabilities in Ruby Actionpack. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

6.4CVSS7.8AI score0.207EPSS
Exploits3References7
Tenable Nessus
Tenable Nessus
added 2014/03/21 12:0 a.m.39 views

Puppet Enterprise 3.x < 3.1.1 Multiple Vulnerabilities

According to its self-reported version number, the Puppet Enterprise 3.x install on the remote host is prior to 3.1.1. As a result, it is reportedly affected by multiple vulnerabilities : - An input validation error exists related to the included Ruby version, handling string to floating point...

6.8CVSS8AI score0.34968EPSS
Exploits6References15
OpenVAS
OpenVAS
added 2014/03/12 12:0 a.m.50 views

Fedora Update for rubygem-actionpack FEDORA-2013-23636

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.4CVSS7.8AI score0.207EPSS
Exploits3References2
OpenVAS
OpenVAS
added 2014/03/12 12:0 a.m.47 views

Fedora Update for rubygem-actionpack FEDORA-2014-3232

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.4CVSS7.2AI score0.207EPSS
Exploits4References2
OpenVAS
OpenVAS
added 2014/01/27 12:0 a.m.43 views

Fedora Update for rubygem-actionpack FEDORA-2014-0970

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.4CVSS6.5AI score0.207EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2013/12/09 12:0 a.m.46 views

FreeBSD : rails -- multiple vulnerabilities (6a806960-3016-44ed-8575-8614a7cb57c7)

Rails weblog : Rails 3.2.16 and 4.0.2 have been released! These two releases contain important security fixes, so please upgrade as soon as possible! In order to make upgrading as smooth as possible, we've only included commits directly related to each security issue. The security fixes in 3.2.16...

6.4CVSS5.3AI score0.207EPSS
Exploits2References7
CVE
CVE
added 2013/12/07 12:0 a.m.121 views

CVE-2013-6414

CVE-2013-6414 affects Action View in Ruby on Rails 3.x (before 3.2.16) and 4.x (before 4.0.2); a header with an invalid MIME type can cause excessive caching leading to memory exhaustion (DoS). Observed in user reports and PoCs (e.g., Metasploit rails_action_view.rb). OpenSUSE/Fedora advisories r...

5CVSS6.2AI score0.207EPSS
Exploits2References13Affected Software1
Debian CVE
Debian CVE
added 2013/12/07 12:0 a.m.69 views

CVE-2013-6414

actionpack/lib/actionview/lookupcontext.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service memory consumption via a header containing an invalid MIME type that leads to excessive caching...

5CVSS6.1AI score0.207EPSS
Exploits2
Metasploit
Metasploit
added 2013/12/04 8:57 p.m.49 views

Ruby on Rails Action View MIME Memory Exhaustion

This module exploits a Denial of Service DoS condition in Action View that requires a controller action. By sending a specially crafted content-type header to a Rails application, it is possible for it to store the invalid MIME type, and may eventually consume all memory if enough invalid MIMEs a...

5CVSS6.9AI score0.207EPSS
Exploits2
FreeBSD
FreeBSD
added 2013/12/03 12:0 a.m.57 views

rails -- multiple vulnerabilities

Rails weblog: Rails 3.2.16 and 4.0.2 have been released! These two releases contain important security fixes, so please upgrade as soon as possible! In order to make upgrading as smooth as possible, we've only included commits directly related to each security issue. The security fixes in 3.2.16...

6.4CVSS6.5AI score0.207EPSS
Exploits2References1
Rows per page
Query Builder