19 matches found
Gentoo Security Advisory GLSA 200912-02 (rails)
The remote host is missing updates announced in advisory GLSA 200912-02. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Fedora Core 10 FEDORA-2009-12966 (rubygem-actionpack)
The remote host is missing an update to rubygem-actionpack announced via advisory FEDORA-2009-12966. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are...
Fedora Core 10 FEDORA-2009-12966 (rubygem-actionpack)
The remote host is missing an update to rubygem-actionpack announced via advisory FEDORA-2009-12966. OpenVAS Vulnerability Test $Id: fcore200912966.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-12966 rubygem-actionpack Authors: Thomas Reinke...
SuSE Security Summary SUSE-SR:2009:017
The remote host is missing updates announced in advisory SUSE-SR:2009:017. SuSE Security Summaries are short on detail when it comes to the names of packages affected by a particular bug. Because of this, while this test will detect out of date packages, it cannot tell you what bugs impact which...
openSUSE Security Update : rubygem-actionpack-2_1 (rubygem-actionpack-2_1-1320)
This update improves the escaping in the helper code of Ruby on Rails to protect against XSS attacks CVE-2009-3009 and an information leak CVE-2009-3086. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Securi...
Fedora Core 11 FEDORA-2009-10484 (rubygem-actionmailer)
The remote host is missing an update to rubygem-actionmailer announced via advisory FEDORA-2009-10484. OpenVAS Vulnerability Test $Id: fcore200910484.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-10484 rubygem-actionmailer Authors: Thomas Reinke...
Fedora Core 11 FEDORA-2009-10484 (rubygem-actionmailer)
The remote host is missing an update to rubygem-actionmailer announced via advisory FEDORA-2009-10484. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are...
Fedora Core 10 FEDORA-2009-9799 (rubygem-activesupport)
The remote host is missing an update to rubygem-activesupport announced via advisory FEDORA-2009-9799. OpenVAS Vulnerability Test $Id: fcore20099799.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-9799 rubygem-activesupport Authors: Thomas Reinke...
Fedora 11 : rubygem-actionpack-2.3.3-2.fc11 / rubygem-activesupport-2.3.3-2.fc11 (2009-9922)
A vulnerability is found on Ruby on Rails in the escaping code for the form helpers, which also affects the rpms shipped in Fedora Project. Attackers who can inject deliberately malformed unicode strings into the form helpers can defeat the escaping checks and inject arbitrary HTML. This issue ha...
Fedora Core 11 FEDORA-2009-9922 (rubygem-actionpack)
The remote host is missing an update to rubygem-actionpack announced via advisory FEDORA-2009-9922. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are...
Fedora 10 : rubygem-actionpack-2.1.1-3.fc10 / rubygem-activesupport-2.1.1-2.fc10 (2009-9799)
A vulnerability is found on Ruby on Rails in the escaping code for the form helpers, which also affects the rpms shipped in Fedora Project. Attackers who can inject deliberately malformed unicode strings into the form helpers can defeat the escaping checks and inject arbitrary HTML. This issue ha...
Debian: Security Advisory (DSA-1887-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 1887-1] New rails packages fix cross-site scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1887-1 [email protected] http://www.debian.org/security/ Steffen Joeris September 15, 2009 http://www.debian.org/security/faq -...
CVE-2009-3009
Cross-site scripting XSS vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper...
CVE-2009-3009
Cross-site scripting XSS vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper...
CVE-2009-3009
Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, are affected by CVE-2009-3009 due to an input sanitization flaw in a form helper that can allow cross-site scripting via malformed Unicode strings. This is a known XSS vulnerability that could enable remote attackers to inject arbitrary scri...
CVE-2009-3009
Cross-site scripting XSS vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper...
CVE-2009-3009
Cross-site scripting XSS vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper...
Ruby on Rails表单帮助程序Unicode字符串处理跨站脚本漏洞
BUGTRAQ ID: 36278 CVECAN ID: CVE-2009-3009 Ruby on Rails是一个新的Web应用程序框架,构建在Ruby语言之上。 Ruby on Rails的表单帮助程序中的转义代码存在跨站脚本漏洞,远程攻击者可以通过向其提交恶意的Unicode字符串绕过转义检查,在用户浏览器会话中注入并执行任意HTML代码。 David Heinemeier Hansson Ruby on Rails 2.x 厂商补丁: David Heinemeier Hansson ------------------------...