28 matches found

OSV
added 2017/10/24 6:33 p.m. | 45 views

GHSA-76WQ-XW4H-F8WJ activerecord vulnerable to SQL Injection

The Active Record component in Ruby on Rails before 2.3.15, 3.0.x before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via...

CVSS 7.5 | AI score 7.1 | EPSS 0.02924
Exploits: 2 | References: 11
Github Security Blog
added 2017/10/24 6:33 p.m. | 57 views

activerecord vulnerable to SQL Injection

The Active Record component in Ruby on Rails before 2.3.15, 3.0.x before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via...

CVSS 7.5 | AI score 7.1 | EPSS 0.02924
Exploits: 2 | References: 11 | Affected Software: 1
Tenable Nessus
added 2014/06/13 12:0 a.m. | 53 views

openSUSE Security Update : rubygem-actionmailer-3_2 / rubygem-actionpack-3_2 / rubygem-activemodel-3_2 / etc (openSUSE-SU-2012:1066-1)

Multiple version upgrades for rails components. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-536. The text description of this plugin is C SUSE LLC...

CVSS 7.5 | AI score 7.7 | EPSS 0.046
Exploits: 7 | References: 6
OpenVAS
added 2013/02/22 12:0 a.m. | 40 views

Fedora Update for rubygem-activerecord FEDORA-2013-2351

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 7.5 | AI score 7.8 | EPSS 0.04458
Exploits: 6 | References: 2
OpenVAS
added 2013/01/24 12:0 a.m. | 45 views

Fedora Update for rubygem-activerecord FEDORA-2013-0686

Check for the Version of rubygem-activerecord OpenVAS Vulnerability Test Fedora Update for rubygem-activerecord FEDORA-2013-0686 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...

CVSS 7.5 | AI score 7.8 | EPSS 0.99449
Exploits: 28 | References: 2
OpenVAS
added 2013/01/24 12:0 a.m. | 40 views

Fedora Update for rubygem-activerecord FEDORA-2013-0635

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

AI score 8.2
Exploits: 0 | References: 2
OpenVAS
added 2013/01/24 12:0 a.m. | 36 views

Fedora Update for rubygem-activerecord FEDORA-2013-0686

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scripttagname:"affected",...

AI score 8.2
Exploits: 0 | References: 2
OpenVAS
added 2013/01/24 12:0 a.m. | 29 views

Fedora Update for rubygem-activerecord FEDORA-2013-0635

Check for the Version of rubygem-activerecord OpenVAS Vulnerability Test Fedora Update for rubygem-activerecord FEDORA-2013-0635 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...

CVSS 7.5 | AI score 7.8 | EPSS 0.99449
Exploits: 28 | References: 2
OpenVAS
added 2013/01/15 12:0 a.m. | 34 views

Fedora Update for rubygem-activerecord FEDORA-2013-0245

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

AI score 6.7
Exploits: 0 | References: 2
OpenVAS
added 2013/01/15 12:0 a.m. | 36 views

Fedora Update for rubygem-activerecord FEDORA-2013-0244

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

AI score 6.7
Exploits: 0 | References: 2
OpenVAS
added 2013/01/15 12:0 a.m. | 37 views

Fedora Update for rubygem-activerecord FEDORA-2013-0245

Check for the Version of rubygem-activerecord OpenVAS Vulnerability Test Fedora Update for rubygem-activerecord FEDORA-2013-0245 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...

CVSS 7.5 | AI score 6.6 | EPSS 0.04458
Exploits: 6 | References: 2
OpenVAS
added 2012/08/30 12:0 a.m. | 51 views

Fedora Update for rubygem-activerecord FEDORA-2012-9635

Check for the Version of rubygem-activerecord OpenVAS Vulnerability Test Fedora Update for rubygem-activerecord FEDORA-2012-9635 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...

CVSS 7.5 | AI score 6.3 | EPSS 0.04174
Exploits: 4 | References: 2
OpenVAS
added 2012/08/30 12:0 a.m. | 29 views

Fedora Update for rubygem-activerecord FEDORA-2012-8901

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 5 | AI score 6.4 | EPSS 0.04174
Exploits: 2 | References: 2
OpenVAS
added 2012/08/30 12:0 a.m. | 35 views

Fedora Update for rubygem-activerecord FEDORA-2012-9635

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

AI score 6.4
Exploits: 0 | References: 2
OpenVAS
added 2012/07/03 12:0 a.m. | 40 views

Fedora Update for rubygem-activerecord FEDORA-2012-9639

Check for the Version of rubygem-activerecord OpenVAS Vulnerability Test Fedora Update for rubygem-activerecord FEDORA-2012-9639 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...

CVSS 7.5 | AI score 6.3 | EPSS 0.04174
Exploits: 4 | References: 2
OpenVAS
added 2012/07/03 12:0 a.m. | 43 views

Fedora Update for rubygem-activerecord FEDORA-2012-9639

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 7.5 | AI score 6.4 | EPSS 0.04174
Exploits: 4 | References: 2
Tenable Nessus
added 2012/07/01 12:0 a.m. | 56 views

Fedora 16 : rubygem-activerecord-3.0.10-3.fc16 (2012-9639)

Fix for CVE-2012-2661. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...

CVSS 7.5 | AI score 7.2 | EPSS 0.04174
Exploits: 4 | References: 4
Prion
added 2012/06/22 2:55 p.m. | 36 views

SQL injection

The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query...

CVSS 7.5 | AI score 7.8 | EPSS 0.04174
Exploits: 4 | References: 6 | Affected Software: 2
CVE
added 2012/06/22 2:0 p.m. | 169 views

CVE-2012-2661

CVE-2012-2661 concerns Ruby on Rails ActiveRecord where passing request data to a where call can enable SQL injection via nested query parameters. Affected ranges are Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4. The issue is related to the handling of nested query hashes...

CVSS 5 | AI score 7.3 | EPSS 0.04174
Exploits: 2 | References: 5 | Affected Software: 2
Debian CVE
added 2012/06/22 2:0 p.m. | 53 views

CVE-2012-2661

The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query...

CVSS 5 | AI score 7.4 | EPSS 0.04174
Exploits: 2