1165 matches found
CVE-2016-0752
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing...
UBUNTU-CVE-2016-0752
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing...
Debian DSA-3464-1 : rails - security update
Multiple security issues have been discovered in the Ruby on Rails web application development framework, which may result in denial of service, cross-site scripting, information disclosure or bypass of input validation. The descriptive text an...
PT-2016-1280 · Ruby +1 · Ruby On Rails +1
Name of the Vulnerable Software and Affected Versions: Ruby on Rails versions prior to 3.2.22.1; Ruby on Rails versions 4.0.x through 4.1.14; Ruby on Rails versions 4.2.x through 4.2.5; Ruby on Rails versions 5.x through 5.0.0.beta1.1. Description: The issue is related to a directory traversal...
Ruby on Rails dynamic rendering remote code execution vulnerability (CVE-2016-0752) - vulnerability warning - the black bar safety net
If your application uses dynamic render paths, such as render params[:id], it is vulnerable to local file inclusion, which could lead to remote code execution. You can update to the latest version of Rails, or refactor your controllers to fix the vulnerability. The...
Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2877-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2877-1 advisory. A bad cast was discovered in V8. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a...
USN-2877-1: Oxide vulnerabilities
A bad cast was discovered in V8. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. CVE-2016-1612 An issue was...
Rails Dynamic Render Remote Command Execution Vulnerability (CVE-2016-0752)
If your application uses dynamic template paths, for example render params[:id], then it is vulnerable to remote code execution and local file inclusion. Please upgrade your Rails to the latest version, or refactor your controllers. We will show how, in a specific environment, code execution and local file inclusion vulnerabilities can be used to attack Ruby on Rails. Rails controllers can render a specified file; for example, when the show method is called and no other render call is defined, the framework implicitly renders the show.html.erb file. In most cases, developers output different formats, such as text, JSON, XML or any other format, or view a file, ...
Exploit for Path Traversal in Rubyonrails Rails
Exploiting CVE-2016-0752 --- This app serves as a vulnerable Pr...
Remote Code Execution (RCE) And Information Disclosure
Actionpack is vulnerable to information disclosure and remote code execution. This vulnerability affects applications which pass user input directly into the render method in an action view controller without verification. Using this vulnerability, attackers can render files from outside the view...
Possible Information Leak Vulnerability in Action View
There is a possible directory traversal and information leak vulnerability in Action View. This vulnerability has been assigned the CVE identifier CVE-2016-0752. Versions Affected: All. Not affected: None. Fixed Versions: 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1, 3.2.22.1. Impact: Applications that...
Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2770-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2770-1 advisory. It was discovered that ContainerNode::parserInsertBefore in Blink would incorrectly proceed with a DOM tree insertion in some circumstances. If a user we...
USN-2770-1: Oxide vulnerabilities
It was discovered that ContainerNode::parserInsertBefore in Blink would incorrectly proceed with a DOM tree insertion in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same origin restrictions. CVE-2015-67...
SUSE: Security Advisory for xorg-x11-server (SUSE-SU-2015:0045-1)
The remote host is missing an update for the...
Oracle: Security Advisory (ELSA-2011-1359)
The remote host is missing an update for the...
ITOP Reflective Cross-Site Scripting Vulnerability
ITOP is an open source web application. ITOP suffers from a reflected cross-site scripting vulnerability. Due to insufficient filtering of input passed to the "/pages/ajax.render.php" script via the "title" HTTP GET parameter, a remote, unauthenticated attacker could trick a logged-in user into...
Moxa SoftCMS IPCam.IPCam_Video_Render_Plugin.1 IVLCControl setRecordPrefix Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Moxa SoftCMS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the setRecordPrefix...