4378 matches found
CVE-2007-5380
Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."...
CVE-2007-5379
CVE-2007-5379 affects Ruby on Rails installations using Rails prior to 1.2.4. The vulnerability stems from Hash.from_xml (Hash#from_xml) using XmlSimple unsafely, enabling remote attackers to determine the existence of arbitrary files and read arbitrary XML files (e.g., passwords from Pidgin .pur...
Ruby on Rails < 1.2.5 Multiple Vulnerabilities
Binary data 4248.prm...
Ruby on Rails Version Detection
Binary data 4247.prm...
rubygem-rails -- JSON XSS vulnerability
Rails core team reports: All users of Rails 1.2.4 or earlier are advised to upgrade to 1.2.5, though it isn't strictly necessary if you aren't working with JSON. For more information the JSON vulnerability, see CVE-2007-3227...
Cross site scripting
Cross-site scripting XSS vulnerability in the tojson ActiveRecord::Basetojson function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values...
DEBIAN-CVE-2007-3227
Cross-site scripting XSS vulnerability in the tojson ActiveRecord::Basetojson function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values...
CVE-2007-3227
Cross-site scripting XSS vulnerability in the tojson ActiveRecord::Basetojson function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values...
CVE-2007-3227
Cross-site scripting XSS vulnerability in the tojson ActiveRecord::Basetojson function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values...
CVE-2007-3227
Cross-site scripting XSS vulnerability in the tojson ActiveRecord::Basetojson function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values...
CVE-2007-3227
The CVE-2007-3227 entry describes a Cross-site scripting (XSS) vulnerability in Rails: the to_json (ActiveRecord::Base#to_json) function allows injecting arbitrary script via input values. Affected software is Ruby on Rails prior to the edge 9606 release; exploitation could occur remotely through...
CVE-2007-3227
Cross-site scripting XSS vulnerability in the tojson ActiveRecord::Basetojson function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values...
CVE-2007-3227
Cross-site scripting XSS vulnerability in the tojson ActiveRecord::Basetojson function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values...
Ruby on Rails 1.2.3 To_JSON - Script Injection
Ruby on Rails 1.2.3 ToJSON - Script Injection source: https://www.securityfocus.com/bid/24161/info Ruby on Rails is prone to a script-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied...
Ruby on Rails 1.2.3 To_JSON - Script Injection
source: https://www.securityfocus.com/bid/24161/info Ruby on Rails is prone to a script-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied script code would run in the context of the...
Cross site scripting in mephisto 0.7.3
Cross site scripting in mephisto 0.7.3 security advisory References: http://www.mephistoblog.com https://vulners.com/cve/CVE-2007-1873 Description: Cross site scripting describes attacks that allow to insert malicious html or javascript code via get or post forms. This can be used to steal sessio...
CVE-2007-1873.txt
Cross site scripting in mephisto 0.7.3 security advisory References: http://www.mephistoblog.com http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1873 Description: Cross site scripting describes attacks that allow to insert malicious html or javascript code via get or post forms. This can b...
GLSA-200608-20 : Ruby on Rails: Several vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200608-20 Ruby on Rails: Several vulnerabilities The Ruby on Rails developers have corrected some weaknesses in actioncontroller/, relative to the handling of the user input and the LOADPATH variable. A remote attacker could injec...
CVE-2006-4112
Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 through 1.1.5 allows remote attackers to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of service application hang or "data loss," a differen...
CVE-2006-4112
Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 through 1.1.5 allows remote attackers to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of service application hang or "data loss," a differen...