39 matches found
Sort order SQL injection via `direction` parameter in administrate
In Administrate rubygem before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the direction parameter and bypass ActiveRecord...
CVE-2020-5257
In Administrate rubygem before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the direction parameter and bypass ActiveRecord...
CVE-2020-5257
In Administrate rubygem before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the direction parameter and bypass ActiveRecord...
Sql injection
In Administrate rubygem before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the direction parameter and bypass ActiveRecord...
Sort order SQL injection in Administrate
In Administrate rubygem before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the direction parameter and bypass ActiveRecord...
GHSA-2P5P-M353-833W Sort order SQL injection in Administrate
In Administrate rubygem before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the direction parameter and bypass ActiveRecord...
CVE-2020-5257 Sort order SQL injection in Administrate
In Administrate rubygem before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the direction parameter and bypass ActiveRecord...
CVE-2020-5257
CVE-2020-5257 affects the Administrate Ruby gem prior to version 0.13.0. The vulnerability arises when sorting by attributes on a dashboard, where the direction parameter was interpolated into an SQL query without validation, potentially enabling SQL injection if an attacker can modify the direct...
SQL Injection
In Administrate rubygem, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the direction parameter and bypass ActiveRecord SQL protections. Whils...
[SECURITY] Fedora 28 Update: libcgroup-0.41-20.fc28
Control groups infrastructure. The library helps manipulate, control, administrate and monitor control groups and the associated controllers...
Cross-site request forgery
Administrate::ApplicationController actions don't have CSRF protection. Remote attackers can hijack user's sessions and use any functionality that administrate exposes on their behalf...
Cross-site request forgery (CSRF) vulnerability in administrate gem
"Administrate::ApplicationController actions didn't have CSRF protection. Remote attackers can hijack user's sessions and use any functionality that administrate exposes on their behalf."...
CVE-2013-1782
Cross-site scripting XSS vulnerability in the Responsive Blog Theme 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons...
Cross site scripting
Cross-site scripting XSS vulnerability in the Creative Theme 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons...
CVE-2013-1784
Cross-site scripting XSS vulnerability in the 3 slide gallery in the Clean Theme before 7.x-1.3 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors...
CVE-2013-1780
Cross-site scripting XSS vulnerability in the Best Responsive Theme 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons...
[SECURITY] Fedora 13 Update: libcgroup-0.35.1-5.fc13
Control groups infrastructure. The tools and library help manipulate, contr ol, administrate and monitor control groups and the associated controllers...
[SECURITY] Fedora 14 Update: libcgroup-0.36.2-6.fc14
Control groups infrastructure. The tools and library help manipulate, contr ol, administrate and monitor control groups and the associated controllers...
XSS vulnerability in Scribe CMS
Vulnerability ID: HTB22420 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinscribecms.html Product: Scribe CMS Vendor: Sigmer Technologies Vulnerable Version: Current at 03.06.2010 and Probably Prior Versions Vendor Notification: 07 June 2010 Vulnerability Type: XSS Cross Site Scripti...