13 matches found
EUVD-2017-0297
Malware in sbrugna...
CVE-2025-53709
Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service is only installed on a small number of environments. Under specific circumstances, privileged users of secure-upload could have selected email templates not necessarily...
Microweber vulnerable to cross-site scripting (XSS)
microweber/microweber prior to 1.3.3 is vulnerable to cross-site scripting (XSS) in the template selection while changing a group template...
GHSA-F4G6-C47X-QHWW Microweber vulnerable to cross-site scripting (XSS)
microweber/microweber prior to 1.3.3 is vulnerable to cross-site scripting (XSS) in the template selection while changing a group template...
actionpack Improper Input Validation vulnerability
The template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a "filter skipping...
Improper Input Validation
The template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a "filter skipping...
Filter Skipping Vulnerability in Ruby on Rails 3.0/actionpack
The template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a "filter skipping...
PVS XDSW "Cannot connect to the Hypervisor, object reference not set as an Instance"
When running XDSW, the customer encountered the generic error "Cannot connect to the Hypervisor, object reference not set as an Instance". This error was encountered just at the stage when the expected screen would be template selection...
CVE-2011-2929
The template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a "filter skipping...
Spoofing
The template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a "filter skipping...
CVE-2011-2929
CVE-2011-2929 affects Ruby on Rails: the template selection in actionpack/lib/action_view/template/resolver.rb mishandles glob characters in Rails 3.0.x (pre-3.0.10) and 3.1.x (pre-3.1.0.rc6), enabling remote attackers to render arbitrary views via a crafted URL. This is due to a filter skipping ...
CVE-2011-2929
The template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a "filter skipping...
CVE-2011-2929
The template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a "filter skipping...