[pdfkit] PDFKit Improper Input Validation vulnerability
Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability
References
https://nvd.nist.gov/vuln/detail/CVE-2013-1607
https://exchange.xforce.ibmcloud.com/vulnerabilities/82563
https://web.archive.org/web/20200229104225/https://www.securityfocus…
[features] Features file injection vulnerability
File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious HTML in the /tmp directory.
References
https://nvd.nist.gov/vuln/detail/CVE-2013-4318
https://security-tracker.debian.org/tracker/CVE-2013-4318
http://…
[omniauth-facebook] omniauth-facebook Improper Authentication vulnerability
RubyGem omniauth-facebook has an access token security vulnerability.
References
https://nvd.nist.gov/vuln/detail/CVE-2013-4593
https://exchange.xforce.ibmcloud.com/vulnerabilities/89040
https://security-tracker.debian.org/tracker/CVE-2013-4593
http:/…
[cakephp/cakephp] CakePHP directory traversal vulnerability allows remote attackers to read arbitrary files
Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with %00 and a…
[cakephp/cakephp] Cross-site scripting (XSS) vulnerability in CakePHP
Cross-site scripting (XSS) vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 (“Not Found”) error page. NOTE: some of these deta…