178 matches found
Use of Insufficiently Random Values in Railties Allows Remote Code Execution
Possible Remote Code Execution Exploit in Rails Development Mode Impact ------ With some knowledge of a target application it is possible for an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to...
Possible Remote Code Execution Exploit in Rails Development Mode
There is a possible a possible remote code executing exploit in Rails when in development mode. This vulnerability has been assigned the CVE identifier CVE-2019-5420. Versions Affected: 6.0.0.X, 5.2.X. Not affected: 5.2.0 Fixed Versions: 6.0.0.beta3, 5.2.2.1 Impact ------ With some knowledge of a...
CVE-2017-7271
Reflected Cross-site scripting XSS vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen...
Struts2 devMode Remote Command Execution Vulnerability in Chengdu Konsai Information Technology Co.
TeachCloud Resource Platform is an education informatization product for China's compulsory education education management institutions and schools, aiming at realizing regional or intra-school resource sharing and promoting the application of resources for "teaching" and "learning". The product...
Monkey race ray! RSA conference badge scanning application broke vulnerability-vulnerability warning-the black bar safety net
Recently, the BLUE BOX company's security researchers found: RSA 2 0 1 6 The General Assembly on the use of badge scanning APP there is a hard-coded default passwords. This year, RSA 2 0 1 6 The participants will get a unique surprise: the General Assembly, as many manufacturers offer a Samsung...
Apache Struts vulnerable to cross-site scripting
Overview Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a cross-site scripting vulnerability when devMode is left turned on. Masaki Yoshikawa of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC...
CVE-2014-2388
The Storage and Access service in BlackBerry OS 10.x before 10.2.1.1925 on Q5, Q10, Z10, and Z30 devices does not enforce the password requirement for SMB filesystem access, which allows context-dependent attackers to read arbitrary files via 1 a session over a Wi-Fi network or 2 a session over a...
Design/Logic Flaw
The Storage and Access service in BlackBerry OS 10.x before 10.2.1.1925 on Q5, Q10, Z10, and Z30 devices does not enforce the password requirement for SMB filesystem access, which allows context-dependent attackers to read arbitrary files via 1 a session over a Wi-Fi network or 2 a session over a...
CVE-2014-2388
The Storage and Access service in BlackBerry OS 10.x before 10.2.1.1925 on Q5, Q10, Z10, and Z30 devices does not enforce the password requirement for SMB filesystem access, which allows context-dependent attackers to read arbitrary files via 1 a session over a Wi-Fi network or 2 a session over a...
Progress 3.1 Webspeed _CPYFile.P Unauthorized Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/23634/info Progress WebSpeed is prone to a vulnerability that lets attackers gain unauthorized access to and execute administrative scripts. An attacker may leverage this issue to create and execute malicious WebSpeed cod...
n.runs-SA-2013.001 - Polycom - Command Shell Grants System-Level Access
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2013.001 15-Mar-2013 Vendor: Polycom, http://www.polycom.com Affected Products: Polycom HDX Series Affected Version: 3.1.1.2 Vulnerability: Polycom Command Shell Grants System-Level Access Risk: LOW Overview: The Polycom Command Shell ...
Apache Struts remote command execution and arbitrary file overwrite vulnerabilities-vulnerability warning-the black bar safety net
Release Date: 2 0 1 2 year 0 1 month 0 8 day Affected Software and systems Apache Struts 2.3.1 and following versions Vulnerability description Apache Struts is a development of Java Web application open source Web application framework. Apache Struts in the realization of the presence of the...
Enable Web Sudo to work with other single-sign-on solutions
Customers with some of the unsupported single sign-on solutions|http://confluence.atlassian.com/display/DEV/Single+Sign-on+Integration+with+JIRA+and+Confluence can't easily upgrade to Confluence 3.3 because WebSudo doesn't handle external SSO solutions. See this example:...
Enable Web Sudo to work with other single-sign-on solutions
Customers with some of the unsupported single sign-on solutions|http://confluence.atlassian.com/display/DEV/Single+Sign-on+Integration+with+JIRA+and+Confluence can't easily upgrade to Confluence 3.3 because WebSudo doesn't handle external SSO solutions. See this example:...
SilverStripe CMS Running in Development Mode
The SilverStripe CMS install hosted on the remote web server appears to be running in development mode. When running in development mode, debugging tools are accessible without authentication, which could enable an attacker to gain sensitive information relating to the application. %NASLMINLEVEL...
Apache Struts 2 devMode Information Disclosure
The remote web server is using Apache Struts 2, a web application framework for developing Java EE web applications. The version of Apache Struts 2 installed on the remote host is configured to operate in development mode devMode. While this environment can help speed up development of web...
WebSpeed Development Mode Check
The remote web server is using WebSpeed, a website creation language used with database-driven websites. The installation of WebSpeed on the remote host is configured to operate in 'Development' rather than 'Production' mode, which could allow users to discover sensitive information and even run...
WebSpeed Workshop Arbitrary Command Execution
The remote web server appears to be using WebSpeed, a website creation language used with database-driven websites. The installation of WebSpeed on the remote host is configured to operate in 'Development' mode and allows access to the WebSpeed Workshop, an environment intended for developing...