43 matches found
EUVD-2020-0856
Malware in sbrugna...
CVE-2025-41242 CVE-2025-41242: Path traversal vulnerability on non-compliant Servlet containers
Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet container. An application can be vulnerable when all the following are true: the application is deployed as a WAR or with an embedded Servlet container the Servlet...
Apache Struts File Upload Vulnerability
Apache Struts is the United States Apache Apache Foundation, an open source project , is a set of open source MVC framework for creating enterprise-class Java Web applications , mainly provides two versions of the framework products , Struts 1 and Struts 2. Apache Struts has a file upload...
Design/Logic Flaw
Sails is a realtime MVC Framework for Node.js. In Sails apps prior to version 1.5.7,, an attacker can send a virtual request that will cause the node process to crash. This behavior was fixed in Sails v1.5.7. As a workaround, disable the sockets hook and remove the sails.io.js client...
Apache Struts Denial of Service Vulnerability (CNVD-2023-55432)
Apache Struts is the United States Apache Apache Foundation, an open source project , is a set of open source MVC framework for creating enterprise-class Java Web applications , mainly provides two versions of the framework products , Struts 1 and Struts 2. Apache Struts there is a denial of...
uBidAuction 2.0.1 Cross Site Scripting
Document Title: =============== uBidAuction v2.0.1 - Multiple XSS Web Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2289 Release Date: ============= 2022-01-21 Vulnerability Laboratory ID VL-ID: ==================================== 228...
Debian DLA-2617-1 : php-nette security update
Cyku Hong from DEVCORE discovered that php-nette, a PHP MVC framework, is vulnerable to a code injection attack by passing specially formed parameters to URL that may possibly leading to remote code execution. For Debian 9 stretch, this problem has been fixed in version 2.4-20160731-1+deb9u1. We...
Design/Logic Flaw
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default...
Debian DLA-2403-1 : rails security update
A potential Cross-Site Scripting XSS vulnerability was found in rails, a ruby based MVC framework. Views that allow the user to control the default not found value of the t and translate helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing...
CVE-2020-15227
Removed by vendor...
Debian DLA-2251-1 : rails security update
Two vulnerabilities were found in Ruby on Rails, a MVC ruby-based framework geared for web application development, which could lead to remote code execution and untrusted user input usage, depending on the application. CVE-2020-8164 Strong parameters bypass vector in ActionPack. In some cases us...
Moderate: Red Hat Security Advisory: CloudForms 5.0.1 security, bug fix and enhancement update
An update is now available for CloudForms Management Engine 5.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Moderate: Red Hat Security Advisory: CloudForms 4.7.8 security, bug fix and enhancement update
An update is now available for CloudForms Management Engine 5.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Important: Red Hat Security Advisory: rh-ror42-rubygem-actionpack security update
An update for rh-ror42-rubygem-actionpack is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...
Important: Red Hat Security Advisory: rh-ror50-rubygem-actionpack security update
An update for rh-ror50-rubygem-actionpack is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...
RHEL 6 : Ruby on Rails (RHSA-2013:0153)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:0153 advisory. Ruby on Rails is a modelviewcontroller MVC framework for web application development. Action Pack implements the controller and the view components...
Moderate: Red Hat Security Advisory: CloudForms 4.6.5 security, bug fix and enhancement update
An update is now available for CloudForms Management Engine 5.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
CVE-2017-16220
wind-mvc is an mvc framework. wind-mvc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...
Directory traversal
wind-mvc is an mvc framework. wind-mvc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...
Multiple Security Bypass Vulnerabilities in CakePHP
CakePHP is the United States Cake Software Foundation of a MVC-based architecture , open source Web development framework. The framework has a flexible view caching , automatic generation of CRUD code and other features . CakePHP has multiple security bypass vulnerabilities that can be exploited ...