Code injection

Red Hat CloudForms 2 Management Engine CFME allows remote attackers to conduct session tampering attacks by leveraging use of a static secrettoken.rb secret...

Ruby on Rails - Known Secret Session Cookie Remote Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank =...

Sql injection

The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe findbyid method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secrettoken value, as...

CVE-2012-6497

The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe findbyid method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secrettoken value, as...

CVE-2012-6497

The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe findbyid method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secrettoken value, as...

CVE-2012-3503

The CVE-2012-3503 issue affects Katello 1.0 and earlier, where the katello-common installation script fails to generate a unique Application.config.secret_token. As a result, every default installation uses the same secret_token, allowing a remote attacker to create a cookie and authenticate to t...