Lucene search
K

178 matches found

Github Security Blog
Github Security Blog
added 2019/03/13 5:28 p.m.44 views

Use of Insufficiently Random Values in Railties Allows Remote Code Execution

Possible Remote Code Execution Exploit in Rails Development Mode Impact ------ With some knowledge of a target application it is possible for an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to...

9.8CVSS9.8AI score0.92144EPSS
Exploits13References8Affected Software1
RubySec
RubySec
added 2019/03/13 12:0 a.m.89 views

Possible Remote Code Execution Exploit in Rails Development Mode

There is a possible a possible remote code executing exploit in Rails when in development mode. This vulnerability has been assigned the CVE identifier CVE-2019-5420. Versions Affected: 6.0.0.X, 5.2.X. Not affected: 5.2.0 Fixed Versions: 6.0.0.beta3, 5.2.2.1 Impact ------ With some knowledge of a...

9.8CVSS4.2AI score0.92144EPSS
Exploits13References1Affected Software1
Cvelist
Cvelist
added 2017/03/27 5:0 p.m.18 views

CVE-2017-7271

Reflected Cross-site scripting XSS vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen...

6AI score0.01042EPSS
Exploits0References4
CNVD
CNVD
added 2016/08/02 12:0 a.m.4 views

Struts2 devMode Remote Command Execution Vulnerability in Chengdu Konsai Information Technology Co.

TeachCloud Resource Platform is an education informatization product for China's compulsory education education management institutions and schools, aiming at realizing regional or intra-school resource sharing and promoting the application of resources for "teaching" and "learning". The product...

8.5AI score
Exploits0References1
myhack58
myhack58
added 2016/03/04 12:0 a.m.71 views

Monkey race ray! RSA conference badge scanning application broke vulnerability-vulnerability warning-the black bar safety net

Recently, the BLUE BOX company's security researchers found: RSA 2 0 1 6 The General Assembly on the use of badge scanning APP there is a hard-coded default passwords. This year, RSA 2 0 1 6 The participants will get a unique surprise: the General Assembly, as many manufacturers offer a Samsung...

0.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/09/04 6:12 a.m.4 views

Apache Struts vulnerable to cross-site scripting

Overview Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a cross-site scripting vulnerability when devMode is left turned on. Masaki Yoshikawa of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC...

6.1CVSS6.1AI score0.07551EPSS
Exploits0References11
NVD
NVD
added 2014/08/18 11:15 a.m.27 views

CVE-2014-2388

The Storage and Access service in BlackBerry OS 10.x before 10.2.1.1925 on Q5, Q10, Z10, and Z30 devices does not enforce the password requirement for SMB filesystem access, which allows context-dependent attackers to read arbitrary files via 1 a session over a Wi-Fi network or 2 a session over a...

6.1CVSS6.7AI score0.01213EPSS
Exploits3References9
Prion
Prion
added 2014/08/18 11:15 a.m.19 views

Design/Logic Flaw

The Storage and Access service in BlackBerry OS 10.x before 10.2.1.1925 on Q5, Q10, Z10, and Z30 devices does not enforce the password requirement for SMB filesystem access, which allows context-dependent attackers to read arbitrary files via 1 a session over a Wi-Fi network or 2 a session over a...

6.1CVSS7AI score0.01213EPSS
Exploits3References9Affected Software1
Cvelist
Cvelist
added 2014/08/18 10:0 a.m.34 views

CVE-2014-2388

The Storage and Access service in BlackBerry OS 10.x before 10.2.1.1925 on Q5, Q10, Z10, and Z30 devices does not enforce the password requirement for SMB filesystem access, which allows context-dependent attackers to read arbitrary files via 1 a session over a Wi-Fi network or 2 a session over a...

6.7AI score0.01213EPSS
Exploits3References9
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.26 views

Progress 3.1 Webspeed _CPYFile.P Unauthorized Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/23634/info Progress WebSpeed is prone to a vulnerability that lets attackers gain unauthorized access to and execute administrative scripts. An attacker may leverage this issue to create and execute malicious WebSpeed cod...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2013/03/19 12:0 a.m.58 views

n.runs-SA-2013.001 - Polycom - Command Shell Grants System-Level Access

n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2013.001 15-Mar-2013 Vendor: Polycom, http://www.polycom.com Affected Products: Polycom HDX Series Affected Version: 3.1.1.2 Vulnerability: Polycom Command Shell Grants System-Level Access Risk: LOW Overview: The Polycom Command Shell ...

0.3AI score
Exploits0
myhack58
myhack58
added 2012/01/11 12:0 a.m.12 views

Apache Struts remote command execution and arbitrary file overwrite vulnerabilities-vulnerability warning-the black bar safety net

Release Date: 2 0 1 2 year 0 1 month 0 8 day Affected Software and systems Apache Struts 2.3.1 and following versions Vulnerability description Apache Struts is a development of Java Web application open source Web application framework. Apache Struts in the realization of the presence of the...

2.2AI score
Exploits0
Atlassian
Atlassian
added 2010/07/15 12:33 a.m.52 views

Enable Web Sudo to work with other single-sign-on solutions

Customers with some of the unsupported single sign-on solutions|http://confluence.atlassian.com/display/DEV/Single+Sign-on+Integration+with+JIRA+and+Confluence can't easily upgrade to Confluence 3.3 because WebSudo doesn't handle external SSO solutions. See this example:...

0.3AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2010/07/15 12:33 a.m.20 views

Enable Web Sudo to work with other single-sign-on solutions

Customers with some of the unsupported single sign-on solutions|http://confluence.atlassian.com/display/DEV/Single+Sign-on+Integration+with+JIRA+and+Confluence can't easily upgrade to Confluence 3.3 because WebSudo doesn't handle external SSO solutions. See this example:...

0.3AI score
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2010/03/01 12:0 a.m.55 views

SilverStripe CMS Running in Development Mode

The SilverStripe CMS install hosted on the remote web server appears to be running in development mode. When running in development mode, debugging tools are accessible without authentication, which could enable an attacker to gain sensitive information relating to the application. %NASLMINLEVEL...

5.6AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2008/11/24 12:0 a.m.252 views

Apache Struts 2 devMode Information Disclosure

The remote web server is using Apache Struts 2, a web application framework for developing Java EE web applications. The version of Apache Struts 2 installed on the remote host is configured to operate in development mode devMode. While this environment can help speed up development of web...

5.6AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2007/04/26 12:0 a.m.53 views

WebSpeed Development Mode Check

The remote web server is using WebSpeed, a website creation language used with database-driven websites. The installation of WebSpeed on the remote host is configured to operate in 'Development' rather than 'Production' mode, which could allow users to discover sensitive information and even run...

5.8AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2007/04/26 12:0 a.m.140 views

WebSpeed Workshop Arbitrary Command Execution

The remote web server appears to be using WebSpeed, a website creation language used with database-driven websites. The installation of WebSpeed on the remote host is configured to operate in 'Development' mode and allows access to the WebSpeed Workshop, an environment intended for developing...

5.8AI score
Exploits0References1
Rows per page
Query Builder