Lucene search
K

308 matches found

Cvelist
Cvelist
added 2018/02/18 6:0 a.m.19 views

CVE-2018-7212

An issue was discovered in rack-protection/lib/rack/protection/pathtraversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters...

5.2AI score0.01874EPSS
Exploits0References2
CVE
CVE
added 2018/02/18 6:0 a.m.74 views

CVE-2018-7212

CVE-2018-7212 (Sinatra/Rack-Protection) affects Sinatra 2.x on Windows prior to 2.0.1. The issue resides in rack-protection/lib/rack/protection/path_traversal.rb, enabling path traversal through backslash characters. Impact is directory/file access on the host system where Windows path separators...

5.3CVSS5.2AI score0.01874EPSS
Exploits0References2Affected Software1
RubySec
RubySec
added 2018/01/09 12:0 a.m.18 views

sinatra ruby gem path traversal via backslash characters on Windows

An issue was discovered in rack-protection/lib/rack/protection/pathtraversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters...

5.3CVSS5.2AI score0.01874EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2016/12/22 7:10 a.m.29 views

Timing Attack

sinatra is vulnerable to timing attacks. This vulnerability is caused because the csrf tokens are not compared in constant time, allowing malicious users to guess the valid csrf tokens based on the time that a comparison takes...

5.9CVSS6.4AI score0.02489EPSS
Exploits0References2Affected Software2
Kitploit
Kitploit
added 2016/03/26 7:0 p.m.16 views

Rack-Bug - Debugging Toolbar For Rack Applications Implemented As Middleware

Rack::Bug adds a diagnostics toolbar to Rack apps. When enabled, it injects a floating div allowing exploration of logging, database queries, template rendering times, etc. Features Password-based security IP-based security Rack::Bug instrumentation/reporting is broken up into panels. Panels in...

7.9AI score
Exploits0References1
Fedora
Fedora
added 2015/08/27 6:31 p.m.44 views

[SECURITY] Fedora 23 Update: rubygem-rest-client-1.8.0-1.fc23

A simple HTTP and REST client for Ruby, inspired by the Sinatra microframew ork style of specifying actions: get, put, post, delete...

9.8CVSS0.5AI score0.04345EPSS
Exploits0
Kitploit
Kitploit
added 2015/01/21 4:34 p.m.21 views

Gitrob - Reconnaissance tool for GitHub organizations

Gitrob is a command line tool that can help organizations and security professionals find such sensitive information. The tool will iterate over all public organization and member repositories and match filenames against a range of patterns for files, that typically contain sensitive or dangerous...

7.1AI score
Exploits0References1
myhack58
myhack58
added 2014/04/15 12:0 a.m.11 views

Weak randomization seeds of vulnerability science-vulnerability warning-the black bar safety net

0x00 background Last week I attended a Bishop Fox and the BYU University organized CTF game, during the race I decided to try out the invasion about the scoring system, and I took intrusion of the recording process down. Although the client token cheat is not nothing new, but this time the invasi...

6.7AI score
Exploits0
Rows per page
Query Builder