Skip to main content
CVE-2016-0752 HIGH POC KEV PATCH THREAT Act Now

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Path Traversal
NVD Exploit-DB VulDB
CVSS 3.1
7.5
EPSS
91.1%
Threat
7.2
CVE-2016-2386 CRITICAL POC KEV THREAT Emergency

SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

SAP SQLi
NVD GitHub Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
44.0%
Threat
6.3
CVE-2016-2388 MEDIUM POC KEV THREAT This Month

The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Java SAP Information Disclosure
NVD Exploit-DB VulDB
CVSS 3.1
5.3
EPSS
62.3%
Threat
5.9
CVE-2016-2389 HIGH POC THREAT Act Now

Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 83.7%.

Path Traversal SAP Netweaver
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
83.7%
Threat
5.5
CVE-2015-7581 HIGH PATCH This Week

actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Rails
NVD
CVSS 3.0
7.5
EPSS
7.1%
CVE-2016-0751 HIGH PATCH This Week

actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Rails Ruby On Rails
NVD
CVSS 3.0
7.5
EPSS
6.1%
CVE-2016-2387 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy Runtime ProxyServer servlet in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) ns or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Java Netweaver
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-7579 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Html Sanitizer
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-7578 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Html Sanitizer
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-7580 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Html Sanitizer
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-0753 MEDIUM PATCH This Month

Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Rails Debian Linux Fedora Leap
NVD
CVSS 3.1
5.3
EPSS
2.3%
CVE-2015-7577 MEDIUM PATCH This Month

activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Rails Ruby On Rails
NVD
CVSS 3.0
5.3
EPSS
1.2%
CVE-2015-7576 LOW PATCH Monitor

The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Rails Ruby On Rails
NVD
CVSS 3.0
3.7
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy