43 matches found

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-0314

Malware in sbrugna...

CVSS 5.3, AI score 6.2, EPSS 0.01912
Exploits 10, References 21
OpenVAS
added 2023/03/08 12:0 a.m., 28 views

Debian: Security Advisory (DLA-604-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 6.8, EPSS 0.90494
Exploits 18, References 5
SUSE CVE
added 2023/02/15 5:9 a.m., 5 views

SUSE CVE-2016-0752

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing...

CVSS 7.5, AI score 7.6, EPSS 0.90494
Exploits 11, References 12
Check Point Advisories
added 2022/04/19 12:0 a.m., 9 views

Ruby On Rails Directory Traversal (CVE-2016-0752)

A directory traversal vulnerability exists in Ruby on Rails. Successful exploitation of this vulnerability could allow an attacker to access arbitrary files on the affected system...

CVSS 5, AI score 5.2, EPSS 0.90494
Exploits 11
OpenVAS
added 2021/06/09 12:0 a.m., 20 views

SUSE: Security Advisory (SUSE-SU-2016:1146-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 6.7, EPSS 0.90494
Exploits 19, References 4
Openbugbounty
added 2019/12/03 1:26 a.m., 11 views

dexterton.com Cross Site Scripting vulnerability

Security Researcher egyptghost (helped patch 410 vulnerabilities, received 2 Coordinated Disclosure badges, received 2 recommendations), a holder of 2 badges for responsible and coordinated disclosure, found a security vulnerability affecting dexterton.com website and its users. Following coordinate...

AI score 0.2
Exploits 0
Veracode
added 2019/01/15 9:10 a.m., 55 views

Directory Traversal And Information Disclosure

actionview gem is vulnerable to directory traversal and information disclosure. This vulnerability affects applications which pass user input directly into the 'render' method in an action view controller without verification. Using this vulnerability, attackers can render files from outside the...

CVSS 7.5, AI score 6.7, EPSS 0.90494
Exploits 11, References 2, Affected Software 8
OSV
added 2017/10/24 6:33 p.m., 35 views

GHSA-VX9J-46RH-FQR8 actionview contains Path Traversal vulnerability

There is a possible directory traversal and information leak vulnerability in Action View. This was meant to be fixed on CVE-2016-0752. However the 3.2 patch was not covering all possible scenarios. This vulnerability has been assigned the CVE identifier CVE-2016-2097. Versions Affected: 3.2.x,...

CVSS 5.3, AI score 7, EPSS 0.01912
Exploits 10, References 14
Saint
added 2016/11/11 12:0 a.m., 93 views

Ruby on Rails Dynamic Render code execution

Added: 11/11/2016. CVE: CVE-2016-0752. BID: 81801. Background: Ruby on Rails is a web application framework written in Ruby. Problem: A vulnerability in Ruby on Rails allows arbitrary code to be uploaded and executed on the server if the application endpoint uses dynamic render paths. Resolution...

CVSS 7.5, AI score 6.8, EPSS 0.90494
Exploits 11
Saint
added 2016/11/11 12:0 a.m., 61 views

Ruby on Rails Dynamic Render code execution

Added: 11/11/2016. CVE: CVE-2016-0752. BID: 81801. Background: Ruby on Rails is a web application framework written in Ruby. Problem: A vulnerability in Ruby on Rails allows arbitrary code to be uploaded and executed on the server if the application endpoint uses dynamic render paths. Resolution...

CVSS 5, AI score 6.7, EPSS 0.90494
Exploits 11
Saint
added 2016/11/11 12:0 a.m., 46 views

Ruby on Rails Dynamic Render code execution

Added: 11/11/2016. CVE: CVE-2016-0752. BID: 81801. Background: Ruby on Rails is a web application framework written in Ruby. Problem: A vulnerability in Ruby on Rails allows arbitrary code to be uploaded and executed on the server if the application endpoint uses dynamic render paths. Resolution...

CVSS 7.5, AI score 6.8, EPSS 0.90494
Exploits 11
Circl
added 2016/10/17 12:0 a.m., 12 views

CVE-2016-0752

creationtimestamp | type | source
---|---|---
2016-10-17 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/40561
2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/railsdynamicrendercodeexec.rb
2023-06-14...

CVSS 7.5, AI score 6.7, EPSS 0.90494
Exploits 11, References 6
OpenVAS
added 2016/10/17 12:0 a.m., 44 views

Ruby on Rails Multiple Vulnerabilities (Jan 2016) - Windows

Ruby on Rails is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:rubyonrails:rails";...

CVSS 7.5, AI score 7.1, EPSS 0.90494
Exploits 11, References 6
Prion
added 2016/04/07 11:59 p.m., 20 views

Directory traversal

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. NOTE: this vulnerability exists...

CVSS 5, AI score 7.1, EPSS 0.90494
Exploits 11, References 8, Affected Software 2
OSV
added 2016/03/22 4:21 p.m., 13 views

SUSE-SU-2016:0858-1 Security update for rubygem-actionpack-4_1

This update for rubygem-actionpack-4_1 fixes the following issues:
- CVE-2016-0751: Object Leak DoS bsc963331
- CVE-2015-7581: unbounded memory growth DoS via wildcard controller routes bsc963335
- CVE-2016-0752: directory traversal and information leak in Action View bsc963332
- CVE-2015-7576:...

CVSS 7.5, AI score 5.9, EPSS 0.90494
Exploits 11, References 9
seebug.org
added 2016/03/17 12:0 a.m., 52 views

Ruby on Rails Action View Information Leak

Possible Information Leak Vulnerability in Action View. There is a possible directory traversal and information leak vulnerability in Action View. This was meant to be fixed on CVE-2016-0752. However the 3.2 patch was not covering all the scenarios. This vulnerability has been assigned the CVE...

CVSS 5, AI score 7.4, EPSS 0.90494
Exploits 11
RedHat Linux
added 2016/03/15 8:55 p.m., 3 views

rubygem-actionpack: directory traversal in Action View, incomplete CVE-2016-0752 fix

A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this flaw to render unexpected files and, possibly, execute arbitrary code...

CVSS 7.5, AI score 7.3, EPSS 0.90494
Exploits 11, References 5
OpenVAS
added 2016/03/09 12:0 a.m., 35 views

Debian Security Advisory DSA 3509-1 (rails - security update)

Two vulnerabilities have been discovered in Rails, a web application framework written in Ruby. Both vulnerabilities affect Action Pack, which handles the web requests for Rails. CVE-2016-2097: Crafted requests to Action View, one of the components of Action Pack, might result in rendering files fr...

CVSS 7.5, AI score 0.2, EPSS 0.90494
Exploits 18, References 1
OSV
added 2016/03/09 12:0 a.m., 27 views

DSA-3509-1 rails - security update

Bulletin has no description...

CVSS 7.5, AI score 6.2, EPSS 0.86668
Exploits 17
Tenable Nessus
added 2016/03/04 12:0 a.m., 55 views

Fedora 22 : rubygem-actionpack-4.2.0-3.fc22 / rubygem-activemodel-4.2.0-2.fc22 (2016-94e71ee673)

Security fix for CVE-2015-7581 CVE-2015-7576 CVE-2016-0751 CVE-2016-0752 CVE-2016-0753 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible withou...

CVSS 7.5, AI score 6.1, EPSS 0.90494
Exploits 11, References 10