14178 matches found
Debian: Security Advisory (DLA-3868-1)
The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
A vulnerability in `actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb` of the Ruby interpreter allows a hacker to carry out cross-site scripting.
The vulnerability in `actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb` of the Ruby interpreter is related to incorrect handling of input data during web page generation. Exploiting this vulnerability could allow a local attacker to execute cross-site scripting attacks...
The vulnerability of the Ruby on Rails software platform lies in the improper handling of input data during web page generation, which allows attackers to perform cross-site scripting attacks.
The vulnerability of the Ruby on Rails software platform is related to improper handling of input data during the generation of web pages. Exploiting this vulnerability allows an attacker to perform cross-site scripting attacks...
The vulnerability of the Active Storage component in the Ruby on Rails software framework allows unauthorized individuals to access confidential information. This vulnerability enables attackers to obtain sensitive data.
The vulnerability of the Active Storage component in the Ruby on Rails programming framework relates to the sending of Set-Cookie headers along with user session cookies when handling large binary objects. Exploiting this vulnerability can allow attackers to obtain confidential information...
DLA-3866-1 ruby-tzinfo - security update
Bulletin has no description...
Debian dla-3866 : ruby-tzinfo - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-3866 advisory. Debian LTS Advisory DLA-3866-1 https://www.debian.org/lts/security/...
Debian dla-3868 : ruby-nokogiri - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-3868 advisory. Debian LTS Advisory DLA-3868-1 https://www.debian.org/lts/security/...
DLA-3868-1 ruby-nokogiri - security update
Bulletin has no description...
[SECURITY] [DLA 3858-1] ruby2.7 security update
Debian LTS Advisory DLA-3858-1 https://www.debian.org/lts/security/ Sylvain Beucler September 02, 2024 https://wiki.debian.org/LTS ...
DLA-3858-1 ruby2.7 - security update
Bulletin has no description...
GitLab GraphQL API User Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GitLab GraphQL API User Enumeration', 'Description' = %q This module queries the GitLab GraphQL API without authentication to acquire the list of...
Ruby On Rails JSON Processor YAML Deserialization Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ruby on Rails JSON Processor YAML Deserialization Scanner', 'Description' = %q This module attempts to identify Ruby on Rails instances vulnerabl...
Ruby On Rails XML Processor YAML Deserialization Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ruby on Rails XML Processor YAML Deserialization Scanner', 'Description' = %q This module attempts to identify Ruby on Rails instances vulnerable...
Ruby WEBrick::HTTP::DefaultFileHandler Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ruby WEBrick::HTTP::DefaultFileHandler DoS', 'Description' = %q The WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6...
Nuuo Central Management Server Authenticated Arbitrary File Download
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nuuo Central Management Server Authenticated Arbitrary File Download', 'Description' = %q The Nuuo Central Management Server allows an...
Apple TV Video Remote Control
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'uri' class MetasploitModule 'Apple TV Video Remote Control', 'Description' = %q This module plays a video on an AppleTV device. Note that AppleTV can be somewha...
Ruby on Rails JSON Processor Floating Point Heap Overflow Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ruby on Rails JSON Processor Floating Point Heap Overflow DoS', 'Description' = %q When Ruby attempts to convert a string representation of a lar...
Ruby On Rails File Content Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Ruby On Rails File Content Disclosure 'doubletap'", 'Description' = %q This module uses a path traversal vulnerability in Ruby on Rails versions ...
Ruby On Rails Devise Authentication Password Reset
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rexml/element' class MetasploitModule 'Ruby on Rails Devise Authentication Password Reset', 'Description' = %q The Devise authentication gem for Ruby on Rails i...
Ruby on Rails Action View MIME Memory Exhaustion
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ruby on Rails Action View MIME Memory Exhaustion', 'Description' = %q This module exploits a Denial of Service DoS condition in Action View that...