DEBIAN-CVE-2010-3299

The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks...

openSUSE Security Update : rubygem-actionpack/activerecord-2_3 (openSUSE-SU-2012:0978-1)

3 Security issues were fixed in rails 2.3 core components. 2 NULL query issues where fixed in the actionpack gem. 1 SQL injection was fixed in the activerecord gem. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

CVE-2013-0277 rubygem-activerecord: Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0

ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML...

openSUSE: Security Advisory for rubygem-actionpack/activerecord-2_3 (openSUSE-SU-2012:0978-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SuSE Update for rubygem-actionpack/activerecord-2_3 openSUSE-SU-2012:0978-1 (rubygem-actionpack/activerecord-2_3)

Check for the Version of rubygem-actionpack/activerecord-23 OpenVAS Vulnerability Test $Id: gbsuse201209781.nasl 8273 2018-01-03 06:29:19Z teissa $ SuSE Update for rubygem-actionpack/activerecord-23 openSUSE-SU-2012:0978-1 rubygem-actionpack/activerecord-23 Authors: System Generated Check...

CVE-2011-2931

Cross-site scripting XSS vulnerability in the striptags helper in actionpack/lib/actioncontroller/vendor/html-scanner/html/node.rb in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a tag with an inval...