1518 matches found
Code Injection
pygmentize contains a Remote Code Execution vulnerability...
XSS vulnerability in old test script
Cross-site scripting vulnerability in ADOdb allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cookie leakage to wrong origins and non-restricted cookie acceptance
Cookie leakage to wrong origins and non-restricted cookie acceptance...
Cookie leakage, non-restricted cookie acceptance
Cookies of foo.bar.example.com are leaked to foo.bar. Additionally, any site can set cookies for any other site...
Serialization vulnerability
A serialization vulnerability was found in the SocketServer and ServerSocketReceiver components...
Remote Code Execution
There's a Remote Code Execution vulnerability in the highlight function of Pygmentize...
SQL Injection
The qstr method in the PDO driver in the ADOdb Library for PHP might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting...
Possible XSS Vulnerability
There is a possible XSS vulnerability in Action View. Text declared as "HTML safe" will not have quotes escaped when used as attribute values in tag helpers...
Unsafe Query Generation Risk
There is a vulnerability when Active Record is used in conjunction with JSON parameter parsing. This vulnerability is similar to CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155...
HTTP Proxy header vulnerability
httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. See provided link...
Security Misconfiguration Vulnerability
There's an improper default directory umask that can potentially allow unauthorized modifications of PHP code...
Possible Information Leak Vulnerability
Applications that pass unverified user input to the render method in a controller may be vulnerable to an information leak vulnerability. Impacted code will look something like this: def index; render params:id; end Carefully crafted requests can cause the above code to render files from unexpect...
Cross-site request forgery
Administrate::ApplicationController actions don't have CSRF protection. Remote attackers can hijack user's sessions and use any functionality that administrate exposes on their behalf...
Possible Input Validation Circumvention
Code that uses Active Model based models including Active Record models and does not validate user input before passing it to the model can be subject to an attack where specially crafted input will cause the model to skip validations. Rails users using Strong Parameters are generally not impacte...
Nested attributes rejection proc bypass
When using the nested attributes feature in Active Record you can prevent the destruction of associated records by passing the allowdestroy: false option to the acceptsnestedattributesfor method. The allowdestroy flag prevents the :rejectif proc from being called because it assumes that the recor...
Improper Access Control
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object...
Settings leak in date template filter
If an application allows users to specify an unvalidated format for dates and passes this format to the date filter, a malicious user could obtain any secret in the application's settings by specifying a settings key instead of a date format. e.g. SECRETKEY instead of j/m/Y...
Possible Denial of Service
Specially crafted XML documents can cause applications to raise a SystemStackError and potentially cause a denial of service attack. This nonly impacts applications using REXML or JDOM as their XML processor. Other XML processors that Rails supports are not impacted...
XSS Vulnerability in ActiveSupport::JSON.encode
When a Hash containing user-controlled data is encoded as JSON either through Hashtojson or ActiveSupport::JSON.encode, Rails does not perform adequate escaping that matches the guarantee implied by the escapehtmlentitiesinjson option which is enabled by default. If this resulting JSON string is...
DOS by filling session store
The session backends created a new empty record in the session storage anytime request.session was accessed and there was a session key provided in the request cookies that didn't already have a session record. This could allow an attacker to easily create many new session records simply by sendi...
Header injection via multi-lines input
Some built-in validators django.core.validators.EmailValidator, most seriously don't prohibit newline characters due to the usage of $ instead of \Z in the regular expressions. If you use values with newlines in HTTP response or email headers, you can suffer from header injection attacks...
DOS via URL validation
django.core.validators.URLValidator includes a regular expression that was extremely slow to evaluate against certain inputs...
Improper Restriction of XML External Entity Reference
XML external entity XXE vulnerability in the SVG to PNG and JPG conversion classes in Apache Batik allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file...
Textile Link Parsing XSS
RedCloth Gem for Ruby contains a flaw that allows a cross-site scripting XSS attack. This flaw exists because the program does not validate input when parsing textile links before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute...
Cryptographic Issues
Certificates.java in Not Yet Commons SSL does not properly verify that the server hostname matches a domain name in the subject's Common Name CN field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
Incomplete List of Disallowed Inputs
A flaw in the iptype function is triggered when handling octal encoding. This may allow a remote attacker to bypass the IP exclusion feature...
Object Injection
A flaw in Active Job that can allow string arguments to be deserialized as if they were Global IDs. This may allow a remote attacker to inject arbitrary objects...
Strong Parameter bypass with create_with
The createwith functionality in Active Record was implemented incorrectly and completely bypasses the strong parameter protection...
SQL Injection Vulnerabilities Affecting PostgreSQL
SQLi vulnerability in activerecord...
Incorrect Default Permissions
The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with jinja2 in /tmp...
Caches may be allowed to store and serve private data
Django contains a flaw that is triggered as the program improperly removes Vary and Cache-Control headers from HTTP responses during a reply to a request from some older versions of Internet Explorer or the Chrome Frame client. This may allow a context-dependent attacker to gain access to...
Malformed URLs from user input incorrectly validated
The validation for redirects does not correctly validate some malformed URLs, which are accepted by some browsers. This allows a user to be redirected to an unsafe URL unexpectedly...
Local File inclusion
A local file inclusion is possible by specifying full path to any desired file in the Kickstart value in Cobbler's WebUI...
Remote Command Injection
Unsanitized input is passed to the shell. A malicious user can inject shell commands by sending shell meta characters like ';' in some variables...
Unexpected code execution using reverse()
Django incorrectly handle dotted Python paths when using the django.core.urlresolvers.reverse function. An attacker can use this issue to cause Django to import arbitrary modules from the Python path, resulting in possible code execution...
MySQL typecasting
When using a MySQL database, Django don't perform explicit conversion of the fields: FilePathField GenericIPAddressField IPAddressField If a query is performed without first converting values to the appropriate type, this can produce unexpected results, similar to what would occur if the query...
Caching of anonymous pages could reveal CSRF token
Django incorrectly cache certain pages that contain CSRF cookies. An attacker can possibly use this flaw to obtain a valid cookie and perform attacks which bypass the CSRF restrictions...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
SQL injection vulnerability in activerecord/lib/activerecord/connectionadapters/postgresql/cast.rb in Active Record in Ruby on Rails beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ backslash characters that are not properly handle...
Improper Input Validation
actionpack/lib/actionview/lookupcontext.rb in Action View in Ruby on Rails allows remote attackers to cause a denial of service memory consumption via a header containing an invalid MIME type that leads to excessive caching...
XSS Vulnerability in simple_format helper
The simpleformat helper converts user supplied text into html text which is intended to be safe for display. A change made to the implementation of this helper means that any user provided HTML attributes will not be escaped correctly. As a result of this error, applications which pass...
XSS Vulnerability in number_to_currency
The numbertocurrency helper allows users to nicely format a numeric value. The unit parameter is not escaped correctly. Application which pass user controlled data as the unit parameter are vulnerable to an XSS attack...
Reflective XSS Vulnerability
There is a vulnerability in the internationalisation component of Ruby on Rails. When the i18n gem is unable to provide a translation for a given string, it creates a fallback HTML string. Under certain common configurations this string can contain user input which would allow an attacker to...
Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk)
Due to the way that Rack::Request and Rails::Request interact, it is possible for a 3rd party or custom rack middleware to parse the parameters insecurely and store them in the same key that Rails uses for its own parameters. In the event that happens the application will receive unsafe parameter...
Possible DoS Vulnerability
A carefully crafted email address in conjunction with the Action Mailer logger format string could take advantage of a bug in Ruby's sprintf implementation and possibly lead to a denial of service attack. Impacted Ruby code will look something like this: "some string userinput" % somenumber...
DOS via large passwords
The authentication framework django.contrib.auth computes the hash of a password each time a user attempts to log in, no matter the length of the password. Thus, a remote attacker can cause a denial of service CPU consumption by repeatedly submitting long passwords...
Directory traversal with ssi template tag
Directory traversal vulnerability allows remote attackers to read arbitrary files via a file path in the ALLOWEDINCLUDEROOTS setting followed by a .. in a ssi template tag...
Passwordless login
Users are able to log themselves in with a blank password, even for users who are NOT currently in the users table ie have never previously logged in...
Symbol DoS vulnerability in Active Record
When a hash is provided as the find value for a query, the keys of the hash may be converted to symbols. Carefully crafted requests can coerce params:name to return a hash, and the keys to that hash may be converted to symbols. All users running an affected release should either upgrade or use on...
XML Parsing Vulnerability affecting JRuby users
There is a vulnerability in the JDOM backend to ActiveSupport's XML parser. you should upgrade or use one of the work arounds immediately...
XSS vulnerability in sanitize_css in Action Pack
Carefully crafted text can bypass the sanitization provided in the sanitizecss method in Action Pack...