Lucene search
K

19 matches found

OpenVAS
OpenVAS
added 2009/12/30 12:0 a.m.62 views

Gentoo Security Advisory GLSA 200912-02 (rails)

The remote host is missing updates announced in advisory GLSA 200912-02. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

7.5CVSS0.7AI score0.0808EPSS
Exploits5
OpenVAS
OpenVAS
added 2009/12/14 12:0 a.m.35 views

Fedora Core 10 FEDORA-2009-12966 (rubygem-actionpack)

The remote host is missing an update to rubygem-actionpack announced via advisory FEDORA-2009-12966. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are...

5CVSS9.4AI score0.03022EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2009/12/14 12:0 a.m.37 views

Fedora Core 10 FEDORA-2009-12966 (rubygem-actionpack)

The remote host is missing an update to rubygem-actionpack announced via advisory FEDORA-2009-12966. OpenVAS Vulnerability Test $Id: fcore200912966.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-12966 rubygem-actionpack Authors: Thomas Reinke...

5CVSS9.6AI score0.03022EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2009/10/27 12:0 a.m.35 views

SuSE Security Summary SUSE-SR:2009:017

The remote host is missing updates announced in advisory SUSE-SR:2009:017. SuSE Security Summaries are short on detail when it comes to the names of packages affected by a particular bug. Because of this, while this test will detect out of date packages, it cannot tell you what bugs impact which...

7.5CVSS1.4AI score0.3038EPSS
Exploits12
Tenable Nessus
Tenable Nessus
added 2009/10/22 12:0 a.m.30 views

openSUSE Security Update : rubygem-actionpack-2_1 (rubygem-actionpack-2_1-1320)

This update improves the escaping in the helper code of Ruby on Rails to protect against XSS attacks CVE-2009-3009 and an information leak CVE-2009-3086. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Securi...

5CVSS5AI score0.03022EPSS
Exploits2References4
OpenVAS
OpenVAS
added 2009/10/19 12:0 a.m.32 views

Fedora Core 11 FEDORA-2009-10484 (rubygem-actionmailer)

The remote host is missing an update to rubygem-actionmailer announced via advisory FEDORA-2009-10484. OpenVAS Vulnerability Test $Id: fcore200910484.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-10484 rubygem-actionmailer Authors: Thomas Reinke...

4.3CVSS9.5AI score0.03022EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2009/10/19 12:0 a.m.32 views

Fedora Core 11 FEDORA-2009-10484 (rubygem-actionmailer)

The remote host is missing an update to rubygem-actionmailer announced via advisory FEDORA-2009-10484. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are...

4.3CVSS9.5AI score0.03022EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2009/09/28 12:0 a.m.35 views

Fedora Core 10 FEDORA-2009-9799 (rubygem-activesupport)

The remote host is missing an update to rubygem-activesupport announced via advisory FEDORA-2009-9799. OpenVAS Vulnerability Test $Id: fcore20099799.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-9799 rubygem-activesupport Authors: Thomas Reinke...

4.3CVSS9.5AI score0.03022EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2009/09/28 12:0 a.m.38 views

Fedora 11 : rubygem-actionpack-2.3.3-2.fc11 / rubygem-activesupport-2.3.3-2.fc11 (2009-9922)

A vulnerability is found on Ruby on Rails in the escaping code for the form helpers, which also affects the rpms shipped in Fedora Project. Attackers who can inject deliberately malformed unicode strings into the form helpers can defeat the escaping checks and inject arbitrary HTML. This issue ha...

4.3CVSS5AI score0.03022EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2009/09/28 12:0 a.m.26 views

Fedora Core 11 FEDORA-2009-9922 (rubygem-actionpack)

The remote host is missing an update to rubygem-actionpack announced via advisory FEDORA-2009-9922. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are...

4.3CVSS9.5AI score0.03022EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2009/09/25 12:0 a.m.43 views

Fedora 10 : rubygem-actionpack-2.1.1-3.fc10 / rubygem-activesupport-2.1.1-2.fc10 (2009-9799)

A vulnerability is found on Ruby on Rails in the escaping code for the form helpers, which also affects the rpms shipped in Fedora Project. Attackers who can inject deliberately malformed unicode strings into the form helpers can defeat the escaping checks and inject arbitrary HTML. This issue ha...

4.3CVSS5AI score0.03022EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2009/09/21 12:0 a.m.33 views

Debian: Security Advisory (DSA-1887-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS9.6AI score0.03022EPSS
Exploits1References3
securityvulns
securityvulns
added 2009/09/15 12:0 a.m.71 views

[SECURITY] [DSA 1887-1] New rails packages fix cross-site scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1887-1 [email protected] http://www.debian.org/security/ Steffen Joeris September 15, 2009 http://www.debian.org/security/faq -...

4.3CVSS0.03022EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2009/09/08 6:30 p.m.29 views

CVE-2009-3009

Cross-site scripting XSS vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper...

4.3CVSS6AI score0.03022EPSS
Exploits1References1
OSV
OSV
added 2009/09/08 6:30 p.m.6 views

CVE-2009-3009

Cross-site scripting XSS vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper...

5.4AI score
Exploits0References15
CVE
CVE
added 2009/09/08 6:0 p.m.118 views

CVE-2009-3009

Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, are affected by CVE-2009-3009 due to an input sanitization flaw in a form helper that can allow cross-site scripting via malformed Unicode strings. This is a known XSS vulnerability that could enable remote attackers to inject arbitrary scri...

4.3CVSS7.6AI score0.03022EPSS
Exploits1References14Affected Software1
Debian CVE
Debian CVE
added 2009/09/08 6:0 p.m.38 views

CVE-2009-3009

Cross-site scripting XSS vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper...

4.3CVSS4.6AI score0.03022EPSS
Exploits1
Cvelist
Cvelist
added 2009/09/08 6:0 p.m.20 views

CVE-2009-3009

Cross-site scripting XSS vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper...

7.9AI score0.03022EPSS
Exploits1References14
seebug.org
seebug.org
added 2009/09/08 12:0 a.m.43 views

Ruby on Rails表单帮助程序Unicode字符串处理跨站脚本漏洞

BUGTRAQ ID: 36278 CVECAN ID: CVE-2009-3009 Ruby on Rails是一个新的Web应用程序框架,构建在Ruby语言之上。 Ruby on Rails的表单帮助程序中的转义代码存在跨站脚本漏洞,远程攻击者可以通过向其提交恶意的Unicode字符串绕过转义检查,在用户浏览器会话中注入并执行任意HTML代码。 David Heinemeier Hansson Ruby on Rails 2.x 厂商补丁: David Heinemeier Hansson ------------------------...

4.3CVSS0.4AI score0.03022EPSS
Exploits1
Rows per page
Query Builder