28 matches found

OPENSUSE Linux
added 2013/02/12 11:4 a.m. | 65 views

ruby on rails to 2.3.16 (important)

This update updates the RubyOnRails 2.3 stack to 2.3.16. Security and bugfixes were done, foremost: CVE-2013-0333: A JSON sql/code injection problem was fixed. CVE-2012-5664: A SQL Injection Vulnerability in Active Record was fixed. CVE-2012-2695: A SQL injection via nested hashes in conditions w...

CVSS 7.5 | AI score 3.1 | EPSS 0.99449
Exploits: 27 | References: 9

RedHat Linux
added 2013/01/10 10:32 p.m. | 4 views

rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails

Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NU...

CVSS 6.4 | AI score 7.2 | EPSS 0.05673
Exploits: 4 | References: 4

RedHat Linux
added 2013/01/10 8:39 p.m. | 4 views

rubygem-actionpack: Unsafe query generation

actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...

CVSS 6.4 | AI score 7.2 | EPSS 0.046
Exploits: 1 | References: 4

RedHat Linux
added 2013/01/10 8:39 p.m. | 4 views

rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails

Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NU...

CVSS 6.4 | AI score 7.2 | EPSS 0.05673
Exploits: 1 | References: 4

RubySec
added 2013/01/08 12:0 a.m. | 50 views

CVE-2013-0155 rubygem-actionpack, rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails

Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NU...

CVSS 6.4 | AI score 3.9 | EPSS 0.05673
Exploits: 1 | References: 1 | Affected Software: 1

RedHat Linux
added 2012/12/04 7:24 p.m. | 3 views

rubygem-actionpack: Unsafe query generation

actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...

CVSS 6.4 | AI score 7.2 | EPSS 0.046
Exploits: 1 | References: 4

RedHat Linux
added 2012/12/04 7:24 p.m. | 3 views

rubygem-actionpack: Unsafe query generation (a different flaw than CVE-2012-2660)

actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...

CVSS 4.3 | AI score 7.2 | EPSS 0.04091
Exploits: 2 | References: 4

RubySec
added 2012/05/31 12:0 a.m. | 44 views

CVE-2012-2660 rubygem-actionpack: Unsafe query generation

actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...

CVSS 6.4 | AI score 7.2 | EPSS 0.046
Exploits: 1 | References: 1 | Affected Software: 1