1300 matches found
CVE-2013-0155
Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NU...
CVE-2013-0155
CVE-2013-0155 affects Ruby on Rails, specifically Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11. The vulnerability arises from mismatched parameter handling between Active Record and the JSON implementation, allowing remote attackers to bypass database-query restrictions...
EUVD-2017-0242
Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NU...
CVE-2013-0155 rubygem-actionpack, rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails
Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NU...
PHPCMS2008 Yellow Pages module vulnerability-vulnerability warning-the black bar safety net
PHPCMS2008 Yellow Pages module: lax variable initialization leads to arbitrary PHP code execution. The PHPCMS2008 string2array function calls eval, which is high-risk; in /yp/web/include/common.inc.php the $menu variable is not strictly initialized, so the result can be injected to...
SA-CONTRIB-2012-171 - Webmail Plus - SQL injection - (unsupported)
The Webmail plus module is a full-featured email client for Drupal. It's designed to provide email for any or all members of a Drupal site. The module doesn't sufficiently sanitize user input as it is used in a database query. CVE: CVE-2012-5590 Versions affected All Webmail Plus module versions...
aspcms injection+cookie trick and fix-vulnerability warning-the black bar safety net
The vulnerability is in /plug/productbuy.asp: the received parameter id is not filtered, resulting in an injection vulnerability. After the injection the page redirects very quickly, so it is recommended to use a shortcut to copy the result. Proof: username /plug/productbuy.asp?...
CVE-2012-2660
actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...
CVE-2012-2694
actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...
Race condition
actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...
CVE-2012-2660
CVE-2012-2660 (Ruby on Rails) is a remote bypass vulnerability where actionpack/ActiveRecord fails to align parameter handling between ActiveRecord and Rack interfaces: Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 allow bypass of database-query restrictions and NULL check...
CVE-2012-2694
CVE-2012-2694 is a Ruby on Rails Active Record/parameter handling weakness where Rails versions 3.0.x before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 fail to align Active Record and Rack parameter handling, enabling remote attackers to bypass query restrictions and perform NULL checks v...
CVE-2012-2660 rubygem-actionpack: Unsafe query generation
actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...
HP Data Protector LogClientInstallation Method Userid Field SQL Execution
The HP Data Protector DPNECentral web service listening on this port contains a SQL injection vulnerability because it fails to properly sanitize user-supplied input to the userid field of its LogClientInstallation method before using it in a database query. This may allow an attacker to read and...
PT-2012-3148 · Dolibarr · Dolibarr Cms
Name of the Vulnerable Software and Affected Versions: Dolibarr CMS versions 3.2.0 Alpha and earlier Description: The issue allows remote authenticated users to execute arbitrary SQL commands. This can be achieved via the memberslist parameter in list.php or the rowid parameter in...
WordPress Plugin UPM Polls 1.0.4 - Blind SQL Injection
WordPress Plugin UPM Polls 1.0.4 - Blind SQL Injection Exploit Title: BLIND SQL injection UPM-POLLS wordpress plugin 1.0.4 Google Dork: n/a Date: 04-12-2011 Author: Saif El-Sherei Software Link: http://downloads.wordpress.org/plugin/upm-polls.1.0.4.zip Version: 1.0.4 Tested on: wordpress...
WordPress UPM-POLLS 1.0.4 Blind SQL Injection
Exploit Title: BLIND SQL injection UPM-POLLS wordpress plugin 1.0.4 Google Dork: n/a Date: 04-12-2011 Author: Saif El-Sherei Software Link: http://downloads.wordpress.org/plugin/upm-polls.1.0.4.zip Version: 1.0.4 Tested on: wordpress 3.2.1,Firefox 4, XAMPP Info: Best Plugin to create Polls for yo...
SiteServer 3.4.4 logical vulnerabilities lead to SQL injection-vulnerability warning-the black bar safety net
Author: blue girl. The problem is in the Register routine of UserCenter.Pages.DLL: the registration process has a logic flaw, as follows: 1. The program puts the user name into a database query; if the user name is not a duplicate, it proceeds to the second step; 2. Then, in the remote detection of th...