SUSE CVE-2011-0448

Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument...

Ruby on Rails安全限制绕过和SQL注入漏洞

BUGTRAQ ID: 46292 CVE ID: CVE-2011-0448,CVE-2011-0449 Ruby on Rails简称RoR 或Rails，是一个使用Ruby语言写的开源Web应用框架，它是严格按照MVC结构开发的。 Ruby on Rails在实现上存在安全限制绕过和SQL注入漏洞，攻击者可利用安全限制绕过漏洞绕过某些安全限制和执行未授权操作，利用SQL注入漏洞修改SQL请求，完全控制受影响软件，检索信息或修改数据。 Ruby on Rails Ruby on Rails 3.x 厂商补丁： Ruby on Rails -------------...

Fedora 15 : rubygem-actionmailer-3.0.5-1.fc15 / rubygem-actionpack-3.0.5-1.fc15 / etc (2011-4358)

Update to the Rails 3.0.5 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenabl...

CVE-2011-0448

Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument...

CVE-2011-0448

Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument...

CVE-2011-0448

Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument...

CVE-2011-0448

CVE-2011-0448 : Rails 3.0.x before 3.0.4 is vulnerable to SQL injection because the limit(argument) accepts non-numeric values, allowing remote attackers to inject SQL via a non-numeric argument. Documents confirm the affected component is Ruby on Rails and cite the specific flaw in the limit fun...