Lucene search
+L

39 matches found

rubygems
rubygems
added 2020/03/14 12:0 a.m.40 views

Sort order SQL injection via `direction` parameter in administrate

In Administrate rubygem before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the direction parameter and bypass ActiveRecord...

8.1CVSS3.1AI score0.009EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2020/03/13 9:15 p.m.20 views

CVE-2020-5257

In Administrate rubygem before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the direction parameter and bypass ActiveRecord...

8.1CVSS8AI score0.009EPSS
Exploits0References2
osv
osv
added 2020/03/13 9:15 p.m.11 views

CVE-2020-5257

In Administrate rubygem before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the direction parameter and bypass ActiveRecord...

8.1CVSS8.4AI score
Exploits0References2
prion
prion
added 2020/03/13 9:15 p.m.19 views

Sql injection

In Administrate rubygem before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the direction parameter and bypass ActiveRecord...

5.5CVSS8.3AI score0.009EPSS
Exploits0References2Affected Software1
github
github
added 2020/03/13 9:5 p.m.94 views

Sort order SQL injection in Administrate

In Administrate rubygem before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the direction parameter and bypass ActiveRecord...

8.1CVSS4.1AI score0.009EPSS
Exploits0References5Affected Software1
osv
osv
added 2020/03/13 9:5 p.m.49 views

GHSA-2P5P-M353-833W Sort order SQL injection in Administrate

In Administrate rubygem before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the direction parameter and bypass ActiveRecord...

7.7CVSS8.3AI score0.009EPSS
Exploits0References5
cvelist
cvelist
added 2020/03/13 9:5 p.m.31 views

CVE-2020-5257 Sort order SQL injection in Administrate

In Administrate rubygem before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the direction parameter and bypass ActiveRecord...

7.7CVSS8.3AI score0.009EPSS
Exploits0References2
cve
cve
added 2020/03/13 9:5 p.m.134 views

CVE-2020-5257

CVE-2020-5257 affects the Administrate Ruby gem prior to version 0.13.0. The vulnerability arises when sorting by attributes on a dashboard, where the direction parameter was interpolated into an SQL query without validation, potentially enabling SQL injection if an attacker can modify the direct...

8.1CVSS8.1AI score0.009EPSS
Exploits0References2Affected Software1
gitlab
gitlab
added 2020/03/13 12:0 a.m.50 views

SQL Injection

In Administrate rubygem, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the direction parameter and bypass ActiveRecord SQL protections. Whils...

8.1CVSS3AI score0.009EPSS
Exploits0References1Affected Software1
fedora
fedora
added 2018/08/08 4:11 p.m.21 views

[SECURITY] Fedora 28 Update: libcgroup-0.41-20.fc28

Control groups infrastructure. The library helps manipulate, control, administrate and monitor control groups and the associated controllers...

8.1CVSS3.1AI score0.02316EPSS
Exploits0
gitlab
gitlab
added 2016/04/01 12:0 a.m.37 views

Cross-site request forgery

Administrate::ApplicationController actions don't have CSRF protection. Remote attackers can hijack user's sessions and use any functionality that administrate exposes on their behalf...

5.4CVSS4.9AI score0.00316EPSS
Exploits0References3Affected Software1
rubygems
rubygems
added 2016/04/01 12:0 a.m.21 views

Cross-site request forgery (CSRF) vulnerability in administrate gem

"Administrate::ApplicationController actions didn't have CSRF protection. Remote attackers can hijack user's sessions and use any functionality that administrate exposes on their behalf."...

5.4CVSS5AI score0.00316EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2013/03/27 9:55 p.m.17 views

CVE-2013-1782

Cross-site scripting XSS vulnerability in the Responsive Blog Theme 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons...

2.1CVSS5.2AI score0.01064EPSS
Exploits0References7
prion
prion
added 2013/03/27 9:55 p.m.14 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Creative Theme 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons...

2.1CVSS5.6AI score0.00941EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2013/03/27 9:0 p.m.27 views

CVE-2013-1784

Cross-site scripting XSS vulnerability in the 3 slide gallery in the Clean Theme before 7.x-1.3 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors...

5.3AI score0.00941EPSS
Exploits0References5
cvelist
cvelist
added 2013/03/27 9:0 p.m.29 views

CVE-2013-1780

Cross-site scripting XSS vulnerability in the Best Responsive Theme 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons...

5.2AI score0.01089EPSS
Exploits0References8
fedora
fedora
added 2011/05/26 9:49 p.m.21 views

[SECURITY] Fedora 13 Update: libcgroup-0.35.1-5.fc13

Control groups infrastructure. The tools and library help manipulate, contr ol, administrate and monitor control groups and the associated controllers...

7.2CVSS2.7AI score0.00419EPSS
Exploits0
fedora
fedora
added 2011/03/25 7:22 p.m.22 views

[SECURITY] Fedora 14 Update: libcgroup-0.36.2-6.fc14

Control groups infrastructure. The tools and library help manipulate, contr ol, administrate and monitor control groups and the associated controllers...

7.2CVSS2.7AI score0.00419EPSS
Exploits0
securityvulns
securityvulns
added 2010/06/23 12:0 a.m.51 views

XSS vulnerability in Scribe CMS

Vulnerability ID: HTB22420 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinscribecms.html Product: Scribe CMS Vendor: Sigmer Technologies Vulnerable Version: Current at 03.06.2010 and Probably Prior Versions Vendor Notification: 07 June 2010 Vulnerability Type: XSS Cross Site Scripti...

0.4AI score
Exploits0
Rows per page
Query Builder