16 matches found
EUVD-2019-0607
Malware in sbrugna...
EUVD-2020-0646
Malware in sbrugna...
CVE-2020-16252
The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF...
多款Qualcomm产品缓冲区错误漏洞
Qualcomm MDM9650 and others are products of Qualcomm Incorporated, U.S.A. The MDM9650 is a central processing unit CPU product.The QCA6574AU is a central processing unit CPU product.The SDX24 is a modem. A security vulnerability exists in various Qualcomm components that originates from improper...
Field Test gem Cross-Site Request Forgery Vulnerability
Field Test gem is an A/B testing software package. A cross-site request forgery vulnerability exists in Field Test gem versions 0.2.0 through 0.3.2 Ruby. The vulnerability stems from a WEB application that does not adequately validate that a request is coming from a trusted user. An attacker coul...
Cross-site Request Forgery (CSRF)
Overview fieldtest is an A/B testing library for Rails. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF with non-session based authentication methods. Remediation Upgrade fieldtest to version 0.4.0 or higher. References - GitHub Issue...
GHSA-W542-CPP9-R3G7 Field Test CSRF vulnerability
The Field Test dashboard is vulnerable to cross-site request forgery CSRF with non-session based authentication methods in versions v0.2.0 through v0.3.2. Impact The Field Test dashboard is vulnerable to CSRF with non-session based authentication methods, like basic authentication. Session-based...
Field Test CSRF vulnerability
The Field Test dashboard is vulnerable to cross-site request forgery CSRF with non-session based authentication methods in versions v0.2.0 through v0.3.2. Impact The Field Test dashboard is vulnerable to CSRF with non-session based authentication methods, like basic authentication. Session-based...
CVE-2020-16252
The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF...
CVE-2020-16252
The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF...
Cross site request forgery (csrf)
The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF...
CVE-2020-16252
The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF...
CVE-2020-16252
The CVE-2020-16252 entry concerns the Field Test gem (Ruby) versions 0.2.0–0.3.2, vulnerable to Cross-Site Request Forgery (CSRF). The issue stems from Rails CSRF protection behavior: protect_from_forgery defaults were effectively unhelpful for non-session authentication, later adjusted to with: ...
CSRF Vulnerability with Non-Session Based Authentication
The Field Test dashboard is vulnerable to CSRF with non-session based authentication methods. Impact The Field Test dashboard is vulnerable to CSRF with non-session based authentication methods, like basic authentication. Session-based authentication methods like Devise's default authentication a...
CVE-2019-13146
The fieldtest gem 0.3.0 for Ruby has unvalidated input. A method call that is expected to return a value from a certain set of inputs can be made to return any input, which can be dangerous depending on how applications use it. If an application treats arbitrary variants as trusted, this can lead...
NOVL-2005010098073 GroupWise Password Caching
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 For Immediate Disclosure ============================== Summary ============================== Security Alert: NOVL-2005-10098073 Title: GroupWise Password Caching Date: 16-August-2005 Revision: Original Product Name: GroupWise 5.x, 6.x OS/Platforms:...