Skip to main content
CVE-2016-0752 HIGH POC KEV PATCH THREAT Act Now

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Path Traversal
NVD Exploit-DB VulDB
CVSS 3.1
7.5
EPSS
91.1%
Threat
7.2
CVE-2016-2389 HIGH POC THREAT Act Now

Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 83.7%.

Path Traversal SAP Netweaver
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
83.7%
Threat
5.5
CVE-2015-7581 HIGH PATCH This Week

actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Rails
NVD
CVSS 3.0
7.5
EPSS
7.1%
CVE-2016-0751 HIGH PATCH This Week

actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Rails Ruby On Rails
NVD
CVSS 3.0
7.5
EPSS
6.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy