1. 1
    Rails Directory Traversal Vulnerability With Certain Route Configurations (CVE-2014-0130) ruby security groups.google.com
    jcs avatar via jcs 9 years ago |
    Archive.org Archive.today Ghostarchive
    | no comments

An earlier version of this advisory incorrectly assumed that the only way to trigger this vulnerability was with routes containing ‘*action’. There are additional attack vectors and as a result all users are advised to upgrade to a fixed version as soon as possible.

Stories with similar links:

  1. SFTPGo: a Golang performance story and some questions via inactive-user 3 years ago | 7 points | no comments
  2. Racket2 possibilities via inactive-user 4 years ago | 20 points | 9 comments
  3. PostScript and Interpress: a comparison (1985) via zge 4 years ago | 4 points | no comments
  4. Origins of the finger command via calvin 5 years ago | 21 points | no comments
  5. The NetHack DevTeam is happy to announce the release of NetHack 3.6.1 via intercal 5 years ago | 21 points | 5 comments
  6. CVE-2017-17482: OpenVMS Security Notice for local privilege escalation via dege 5 years ago | 4 points | no comments
  7. Eve (programming language) is winding down via roryokane 5 years ago | 45 points | 12 comments
  8. Go 1.10 Beta 1 is released via av 5 years ago | 6 points | no comments
  9. Termination of the certificates business of Startcom via calvin 5 years ago | 20 points | 1 comment
  10. A new Common Lisp compiler/interpreter in Prolog via rogersm 5 years ago | 11 points | 2 comments
  11. Faster blame on hg.mozilla.org (2016) via JordiGH 5 years ago | 4 points | no comments
  12. Sequel 5.0.0 Released authored by jeremyevans 6 years ago | 13 points | 1 comment
  13. First Language (1998) via yumaikas 6 years ago | 1 point | no comments
  14. Redis 4.0.0 GA via fs111 6 years ago | 12 points | 1 comment
  15. mblaze 0.1, a Maildir-focused command line mail client via duncaen 6 years ago | 23 points | 1 comment
  16. Concerns about Kubernetes Community newcomers via devth 6 years ago | 2 points | 1 comment
  17. Shen has been ported to C via bsima 6 years ago | 3 points | no comments
  18. Vitaly Slobodin steps down as PhantomJS maintainer because of headless Chrome via koehr 6 years ago | 3 points | 2 comments
  19. Symantec again caught issuing suspicious certificates, this time for example.com via kb 6 years ago | 15 points | 1 comment
  20. Ansible: New RCs for Security Bug CVE-2016-9587 via ChrisShort 6 years ago | 1 point | no comments
  21. Mercurial 4.0 Sprint Notes via ngoldbaum 6 years ago | 14 points | 3 comments
  22. Apple's response to the WoSign incidents via inactive-user 6 years ago | 17 points | 6 comments
  23. Happy 25th birthday Linux via mjturner 7 years ago | 7 points | 1 comment
  24. Incidents involving the CA WoSign via lattera 7 years ago | 16 points | 2 comments
  25. Vim 8.0 pre-announcement via romanzolotarev 7 years ago | 21 points | 7 comments
  26. Buford v0.7.0 Apple Push Notifications for Go 1.6 and HTTP/2 authored by nathany 7 years ago | 2 points | no comments
  27. Go 1.7 Beta 1 released via inactive-user 7 years ago | 12 points | no comments
  28. Linus hacks fsck to recover deleted files (1993) via pushcx 7 years ago | 2 points | no comments
  29. Alpha release of Servo to be released in June via ane 7 years ago | 29 points | 7 comments
  30. Git integrity via effdee 7 years ago | 28 points | 2 comments
  31. Multiple Ruby on Rails vulnerabilities via jasper 7 years ago | 3 points | 1 comment
  32. Go 1.5.3 is released via luiz 7 years ago | 8 points | no comments
  33. Go 1.6 Beta 1 is released via nathany 7 years ago | 12 points | 2 comments
  34. Phoenix 1.1 Released via bratsche 7 years ago | 19 points | no comments
  35. Go 1.5.2 is released via nathany 7 years ago | 9 points | 5 comments
  36. Standardising racket's threading macros via zem 7 years ago | 6 points | no comments
  37. Password Hashing Competition Winner: Argon2 via jcs 8 years ago | 15 points | no comments
  38. What is a closure? via rubenbarroso 8 years ago | 7 points | no comments
  39. Linux futex_wait bug via SeanTAllen 8 years ago | 12 points | no comments
  40. JMH vs Caliper reference thread (JVM micro-benchmarking) via tobym 8 years ago | 4 points | no comments
  41. [release] Redis 3.0.0 is out. via joshuacc 8 years ago | 10 points | 3 comments
  42. Golang team is discussing a builtin solution for dependency management via kb 8 years ago | 23 points | 16 comments
  43. The RabbitMQ Team is Hiring - Remote Workers Accepted via old_sound 8 years ago | 2 points | no comments
  44. Go 1.4.1 Released via mreedell 8 years ago | 8 points | no comments
  45. comment on adding conditionals to configuration languages via stuntgoat 8 years ago | 1 point | no comments
  46. Choosing hardware to minimize latency via tobym 8 years ago | 3 points | no comments
  47. Rack, Change of Maintainer & Status via pushcx 9 years ago | 1 point | no comments
  48. Play 2.3.0 Is Released via kellogh 9 years ago | 1 point | no comments
  49. goroutines management via pyk 9 years ago | 1 point | no comments
  50. Proposal to remove StartCom from Mozilla CA truststore via hdevalence 9 years ago | 8 points | no comments
  51. A Simple Run Time Comparison Of AWKs Running A Genetic Algorithm via kmatt 9 years ago | 4 points | no comments
  52. Dotty open-sourced, research platform for new language concepts and compiler technologies for Scala via tobym 9 years ago | 9 points | 1 comment
  53. RubySec Summary of CVE-2013-6393 aka "you're probably vulnerable" via jcs 9 years ago | 3 points | no comments
  54. GHC (the standard Haskell compiler) gets first class iOS support via rbxbx 10 years ago | 5 points | no comments
  55. Play Framework - async by default via tobym 10 years ago | 2 points | no comments
  56. Multiple vulnerabilities in parameter parsing in Action Pack (Rails) (CVE-2013-0156) via jcs 10 years ago | 5 points | 1 comment
  57. golang-weekly issue #4 via nilmethod 11 years ago | 3 points | no comments
  58. Android 4.1 source code released via lynge 11 years ago | 4 points | 2 comments