15 matches found
EUVD-2022-5249
Malicious code in bioql PyPI...
GHSA-RX7J-MW4C-76G9 Authlogic Information Exposure vulnerability
The Authlogic gem for Ruby on Rails prior to version 3.3.0 makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secret_token value, as demonstrated by a value...
Authlogic Information Exposure vulnerability
The Authlogic gem for Ruby on Rails prior to version 3.3.0 makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secret_token value, as demonstrated by a value...
Active Record contains SQL Injection
SQL injection vulnerability in the Active Record component in Ruby on Rails before 2.3.15, 3.0.x before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in...
CVE-2012-6497
The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secret_token value, as...
CVE-2012-6497
The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secret_token value, as...
DEBIAN-CVE-2012-6497
The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secret_token value, as...
SQL injection
The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secret_token value, as...
CVE-2012-6497
The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secret_token value, as...
CVE-2012-6497
The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secret_token value, as...
CVE-2012-6497
Technical details about CVE-2012-6497 are not publicly provided in the supplied documents. Monitoring for updates is recommended as no concrete affected products, versions, root cause, or fixes are included here.
PT-2013-1961 · Ruby On Rails · Authlogic
Name of the Vulnerable Software and Affected Versions: Authlogic gem for Ruby on Rails versions prior to 3.3.0 Description: The issue allows remote attackers to conduct SQL injection attacks via a crafted parameter in environments with a known secret token value. This is demonstrated by a value...
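Ruby on Rails Authlogic gem SQL injection vulnerability
CVE ID: CVE-2012-5664 Ruby on Rails is a web application framework built on the Ruby language. The AuthLogic gem implementation contains an SQL injection vulnerability: if a Ruby on Rails application uses the AuthLogic gem for authentication and the attacker has access to the Rails application's private key, the attacker can bypass security restrictions and gain unauthorized access. 0 Ruby on Rails Vendor patch: Ruby on Rails ---------- No detailed solution is currently provided: http://rubygems.org/gems/authlogic...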
Ruby on Rails find_by_* Methods Authlogic SQL Injection Bypass
Due to the way dynamic finders in Active Record extract options from method parameters, a method parameter can mistakenly be used as a scope. Carefully crafted requests can use the scope to inject arbitrary SQL...
Ruby on Rails Authlogic Gem secret_token.rb Known secret_token Value Weakness
Ruby on Rails contains a flaw in the Authlogic gem. The issue is triggered when the program makes an unsafe method call for find_by_id. With a specially crafted parameter in an environment that knows the secret_token value in secret_token.rb, a remote attacker can more easily conduct SQL injection...