CVSS: 7.5EPSS: 1%CPEs: 33EXPL: 0CVE-2006-4111
https://notcve.org/view.php?id=CVE-2006-4111
14 Aug 2006 — Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112. Ruby on Rails anterior a 1.1.5 permite a un atacante remoto ejecutar código Ruby con un impacto "severo" o "serio" a través de una respuesta File Upload con una cabecera HTTP que modifica la variable LOAD_PATH, una vulnerabilidad diferente que CVE-2006-4112. • http://blog.koehntopp.de/archives/1367-Ruby-On-Rails-Mandatory-Mystery-Patch.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 7%CPEs: 5EXPL: 0CVE-2006-4112
https://notcve.org/view.php?id=CVE-2006-4112
14 Aug 2006 — Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 through 1.1.5 allows remote attackers to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of service (application hang) or "data loss," a different vulnerability than CVE-2006-4111. Vulnerabilidad no especificada en el "mecanismo de resolución de dependencias" en Ruby on Rails 1.1.0 hasta 1.1.5 permite a un atacante remoto ejecutar código Ruby de su elecció... • http://secunia.com/advisories/21424 •