Month: October 2017

2 Posts

Featured

Wpmaster

[omniauth-oauth2] omniauth-oauth2 Cross-Site Request Forgery vulnerability

Wpmaster

[puppet] Puppet allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service

[omniauth-oauth2] omniauth-oauth2 Cross-Site Request Forgery vulnerability

Posted inMODERATE
Posted byWpmaster
10/25/201701/26/2023

Cross-site request forgery (CSRF) vulnerability in the omniauth-oauth2 gem prior to 1.1.1 for Ruby allows remote attackers to hijack the authentication of users for requests that modify session state.
References

https://nvd.nist.gov/vuln/detail/CVE-20…

[puppet] Puppet allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service

Posted inMODERATE
Posted byWpmaster
10/25/201710/05/2022

Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service. …

TechMedia

Month: October 2017

Featured

[omniauth-oauth2] omniauth-oauth2 Cross-Site Request Forgery vulnerability

[puppet] Puppet allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service

[omniauth-oauth2] omniauth-oauth2 Cross-Site Request Forgery vulnerability

[puppet] Puppet allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service

Archives