2 matches found
Re: Project Pier Web Vulnerabilities
Mitre has assigned the following CVE's for these issues in Project Pier: XSS: CVE-2013-3635 Session cookies lack HttpOnly flag: CVE-2013-3636 Session cookies lack Secure flag: CVE-2013-3637 On Tue, May 21, 2013 at 9:26 PM, the infinitenigma [email protected] wrote: Summary...
Curl Ruby Gem Remote command execution
Curl Ruby Gem Remote command execution 3/12/2013 https://github.com/tg0/curl Specially crafted URLs can result in remote code execution: In ./lib/curl.rb the following lines: 131 cmd = "curl cookiesstore browsertype @setupparams ref "url" " 132 if @debug 133 puts cmd.red 134 end 135 result =...