Lucene search
K

4378 matches found

Debian CVE
Debian CVE
added 2007/10/19 11:0 p.m.41 views

CVE-2007-5380

Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."...

6.8CVSS6.4AI score0.03576EPSS
Exploits0
CVE
CVE
added 2007/10/19 11:0 p.m.89 views

CVE-2007-5379

CVE-2007-5379 affects Ruby on Rails installations using Rails prior to 1.2.4. The vulnerability stems from Hash.from_xml (Hash#from_xml) using XmlSimple unsafely, enabling remote attackers to determine the existence of arbitrary files and read arbitrary XML files (e.g., passwords from Pidgin .pur...

5CVSS9.3AI score0.03969EPSS
Exploits0References13Affected Software1
Tenable Nessus
Tenable Nessus
added 2007/10/17 12:0 a.m.17 views

Ruby on Rails < 1.2.5 Multiple Vulnerabilities

Binary data 4248.prm...

6.8CVSS7.3AI score0.03969EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2007/10/17 12:0 a.m.14 views

Ruby on Rails Version Detection

Binary data 4247.prm...

7.3AI score
Exploits0References1
FreeBSD
FreeBSD
added 2007/10/12 12:0 a.m.48 views

rubygem-rails -- JSON XSS vulnerability

Rails core team reports: All users of Rails 1.2.4 or earlier are advised to upgrade to 1.2.5, though it isn't strictly necessary if you aren't working with JSON. For more information the JSON vulnerability, see CVE-2007-3227...

4.3CVSS6.3AI score0.03683EPSS
Exploits1
Prion
Prion
added 2007/06/14 11:30 p.m.24 views

Cross site scripting

Cross-site scripting XSS vulnerability in the tojson ActiveRecord::Basetojson function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values...

4.3CVSS5.9AI score0.03683EPSS
Exploits1References13Affected Software1
OSV
OSV
added 2007/06/14 11:30 p.m.4 views

DEBIAN-CVE-2007-3227

Cross-site scripting XSS vulnerability in the tojson ActiveRecord::Basetojson function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values...

4.3CVSS6.3AI score0.03683EPSS
Exploits1References1
OSV
OSV
added 2007/06/14 11:30 p.m.8 views

CVE-2007-3227

Cross-site scripting XSS vulnerability in the tojson ActiveRecord::Basetojson function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values...

5.6AI score
Exploits0References13
UbuntuCve
UbuntuCve
added 2007/06/14 11:30 p.m.34 views

CVE-2007-3227

Cross-site scripting XSS vulnerability in the tojson ActiveRecord::Basetojson function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values...

4.3CVSS6.1AI score0.03683EPSS
Exploits1References1
NVD
NVD
added 2007/06/14 11:30 p.m.18 views

CVE-2007-3227

Cross-site scripting XSS vulnerability in the tojson ActiveRecord::Basetojson function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values...

4.3CVSS5.6AI score0.03683EPSS
Exploits1References13
CVE
CVE
added 2007/06/14 11:0 p.m.103 views

CVE-2007-3227

The CVE-2007-3227 entry describes a Cross-site scripting (XSS) vulnerability in Rails: the to_json (ActiveRecord::Base#to_json) function allows injecting arbitrary script via input values. Affected software is Ruby on Rails prior to the edge 9606 release; exploitation could occur remotely through...

4.3CVSS5.5AI score0.03683EPSS
Exploits1References13Affected Software1
Debian CVE
Debian CVE
added 2007/06/14 11:0 p.m.56 views

CVE-2007-3227

Cross-site scripting XSS vulnerability in the tojson ActiveRecord::Basetojson function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values...

4.3CVSS5.7AI score0.03683EPSS
Exploits1
Cvelist
Cvelist
added 2007/06/14 11:0 p.m.29 views

CVE-2007-3227

Cross-site scripting XSS vulnerability in the tojson ActiveRecord::Basetojson function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values...

5.5AI score0.03683EPSS
Exploits1References13
exploitpack
exploitpack
added 2007/05/25 12:0 a.m.14 views

Ruby on Rails 1.2.3 To_JSON - Script Injection

Ruby on Rails 1.2.3 ToJSON - Script Injection source: https://www.securityfocus.com/bid/24161/info Ruby on Rails is prone to a script-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied...

7.7AI score
Exploits0
Exploit DB
Exploit DB
added 2007/05/25 12:0 a.m.25 views

Ruby on Rails 1.2.3 To_JSON - Script Injection

source: https://www.securityfocus.com/bid/24161/info Ruby on Rails is prone to a script-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied script code would run in the context of the...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2007/04/13 12:0 a.m.64 views

Cross site scripting in mephisto 0.7.3

Cross site scripting in mephisto 0.7.3 security advisory References: http://www.mephistoblog.com https://vulners.com/cve/CVE-2007-1873 Description: Cross site scripting describes attacks that allow to insert malicious html or javascript code via get or post forms. This can be used to steal sessio...

4.3CVSS6.2AI score0.02216EPSS
Exploits1
Packet Storm
Packet Storm
added 2007/04/12 12:0 a.m.42 views

CVE-2007-1873.txt

Cross site scripting in mephisto 0.7.3 security advisory References: http://www.mephistoblog.com http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1873 Description: Cross site scripting describes attacks that allow to insert malicious html or javascript code via get or post forms. This can b...

4.3CVSS6.6AI score0.02216EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2006/08/21 12:0 a.m.46 views

GLSA-200608-20 : Ruby on Rails: Several vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200608-20 Ruby on Rails: Several vulnerabilities The Ruby on Rails developers have corrected some weaknesses in actioncontroller/, relative to the handling of the user input and the LOADPATH variable. A remote attacker could injec...

7.5CVSS5.8AI score0.02883EPSS
Exploits0References5
NVD
NVD
added 2006/08/14 9:4 p.m.17 views

CVE-2006-4112

Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 through 1.1.5 allows remote attackers to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of service application hang or "data loss," a differen...

7.5CVSS7.3AI score0.02883EPSS
Exploits0References11
OSV
OSV
added 2006/08/14 9:4 p.m.9 views

CVE-2006-4112

Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 through 1.1.5 allows remote attackers to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of service application hang or "data loss," a differen...

7.3AI score
Exploits0References14
Rows per page
Query Builder