101 matches found
CakePHP 2.3.7 / 2.2.8 Local File Inclusion
CVE Number: N/A (not assigned) Title: CakePHP AssetDispatcher Local File Inclusion Vulnerability Affected Software: Confirmed on CakePHP v2.3.7, v2.2.8; prior versions may also be affected Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. Issue Status: v2.3.8 & 2.2.9 were released which...
Security Advisory-Multiple Apache Struts2 Vulnerabilities in Huawei Products
Apache Struts2 is a second-generation, enterprise-ready Java web application framework based on the Model-View-Controller (MVC) architecture. This advisory describes four vulnerabilities in Apache Struts 2.0.0 - 2.3.15. Huawei products and applications using the above versions of Apache Struts a...
Fedora Update for perl-Dancer FEDORA-2013-9961
Check for the Version of perl-Dancer OpenVAS Vulnerability Test Fedora Update for perl-Dancer FEDORA-2013-9961 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...
Fedora Update for perl-Dancer FEDORA-2013-9950
Check for the Version of perl-Dancer OpenVAS Vulnerability Test Fedora Update for perl-Dancer FEDORA-2013-9950 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...
analyze_cookies
This plugin greps every response for session cookies that the web application sends to the client, and analyzes them in order to identify potential vulnerabilities, the remote web application framework and other interesting information. Plugin type: Grep. Options: This plugin doesn't have any user...
Struts 2.3.14.2 Command Execution Vulnerability
The Apache Struts framework is an open-source web application framework project based on Java Servlets, JavaBeans and JavaServer Pages (JSP). Struts follows the Model-View-Controller (MVC) design pattern and can be used to build complex web applications. In Apache Struts versions prior to 2.3.14.3 (exclusive), the wildcard (fuzzy) matching feature of Action names can be abused to trigger command execution. Struts 2.3.14.3...
Ruby on Rails Remote Code Execution Vulnerability (CVE-2013-0277)
BUGTRAQ ID: 57898 CVE(CAN) ID: CVE-2013-0277 Ruby on Rails, abbreviated RoR or Rails, is an open-source web application framework written in Ruby that is developed strictly following the MVC structure. Active Record in Ruby on Rails 3.x and 2.3.x allows remote attackers to cause a denial of service or execute arbitrary code via specially crafted serialized attributes, which cause the +serialize+ helper to deserialize arbitrary YAML. 0 Ruby on Rails 3.2.x Ruby on Rails 3.1.x Ruby on Rails 2.3.x Vendor patch: Ruby on Rails...
Ruby on Rails XML Processor YAML Deserialization
Added: 02/15/2013 CVE: CVE-2013-0156 BID: 57187 OSVDB: 89026 Background Ruby on Rails is a full stack, Web application framework optimized for sustainable programming productivity, allowing writing sound code by favoring convention over configuration. Problem Ruby on Rails versions prior to 2.3.1...
Exploit Code, Metasploit Module Out for Ruby on Rails Flaws
Just two days after the disclosure of a string of serious vulnerabilities in Ruby on Rails, researchers have released proof-of-concept exploit code for a couple of the flaws, and the team at Metasploit has released a module for the penetration testing framework that exploits one of the bugs, as...
Ruby on Rails Authlogic gem SQL Injection Vulnerability
CVE ID: CVE-2012-5664 Ruby on Rails is a web application framework built on the Ruby language. The AuthLogic gem implementation contains a SQL injection vulnerability: if a Ruby on Rails application uses the AuthLogic gem for authentication, and an attacker is able to access the Rails application's secret key, security restrictions can be bypassed to gain unauthorized access. 0 Ruby on Rails Vendor patch: Ruby on Rails ---------- No detailed solution is currently available: http://rubygems.org/gems/authlogic...
Bitweaver 2.8.1 Multiple Vulnerabilities
Finding 1: Local File Inclusion Vulnerability CVE: CVE-2012-5192 Finding 2: Multiple XSS Vulnerabilities in Bitweaver CVE: CVE-2012-5193 Trustwave SpiderLabs Security Advisory TWSL2012-016: Multiple Vulnerabilities in Bitweaver Published: 10/23/2012 Version: 1.0 Vendor: Bitweaver...
Ruby Local File Creation Vulnerability (CVE-2012-4522)
Bugtraq ID: 56115 CVE ID: CVE-2012-4522 Ruby on Rails is a web application framework built on the Ruby language. Ruby's file creation functions contain a security vulnerability that allows an attacker to inject illegal NUL bytes into a file path and create malicious files. 0 Yukihiro Matsumoto Ruby 1.9.3 dev Yukihiro Matsumoto Ruby 1.9.2 RC2 Yukihiro Matsumoto Ruby 1.9.2 P180 Yukihiro Matsumoto Ruby 1.9.2 P136 Yukihiro Matsumoto Ruby 1.9.2 P0...
Fedora Update for php-symfony-symfony FEDORA-2012-8966
Check for the Version of php-symfony-symfony OpenVAS Vulnerability Test Fedora Update for php-symfony-symfony FEDORA-2012-8966 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/o...
SQL Injection Vulnerability in Ruby on Rails
CVE-2012-2661 Ruby on Rails is a web application framework built on the Ruby language. It contains a SQL injection vulnerability in Active Record's handling of nested query parameters; an attacker can inject SQL statements using a specially crafted request. Affected code passes request parameters directly to the where method of an ActiveRecord class, e.g. Post.where(:id => params[:id]).all. An attacker can submit a request that makes params[:id] return a crafted hash, causing the WHERE clause to query an arbitrary table using certain values. Impacted code directly passes request params to the where method of an...
Ruby on Rails Multiple Cross-Site Scripting Vulnerabilities
BUGTRAQ ID: 52264 Ruby on Rails, abbreviated RoR or Rails, is an open-source web application framework written in Ruby that is developed strictly following the MVC structure. Input passed through direct manipulation of SafeBuffer is not properly filtered, and certain input passed through manually generated select tags is not properly filtered, allowing arbitrary HTML and script code to be executed in the user's browser. 0 Ruby on Rails 3.2.x Ruby on Rails 3.1.x Ruby on Rails 3.0.x Vendor patch: Ruby ---- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's homepage: http://www.ruby-lang.org/...
Microsoft Silverlight Installed (Mac OS X)
A version of Microsoft Silverlight is installed on this host. Microsoft Silverlight is a web application framework that provides functionalities similar to those in Adobe Flash, integrating multimedia, graphics, animations and interactivity into a single runtime environment. TRUSTED...
Apache Struts session tampering with security restrictions bypass vulnerability - vulnerability warning - the black bar safety net
Release date: 2011-01-01 Update date: 2011-12-16 Affected system: The Apache Group Struts 2.1.8.1 The Apache Group Struts 2.0.9 Description: -------------------------------------------------------------------------------- BUGTRAQ ID: 50940 Apache Struts is a development of Java web...
Debian Security Advisory DSA 2247-1 (rails)
The remote host is missing an update to rails announced via advisory DSA 2247-1. OpenVAS Vulnerability Test $Id: deb22471.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2247-1 rails Authors: Thomas Reinke Copyright: Copyright (c) 2011 E-Soft Inc...
Debian: Security Advisory (DSA-2239-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
DSA-2239-1 libmojolicious-perl - several
Bulletin has no description...