Lucene search
K

6 matches found

RubySec
RubySec
added 2017/10/24 12:0 a.m.16 views

Filter Problems on Case-Insensitive Filesystems in rails/actionpack

actionpack/lib/actionview/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action...

7.5CVSS6.9AI score0.02498EPSS
Exploits1References1Affected Software1
UbuntuCve
UbuntuCve
added 2012/06/22 2:55 p.m.43 views

CVE-2012-2661

The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query...

5CVSS7.2AI score0.04174EPSS
Exploits2References1
Prion
Prion
added 2011/11/28 11:55 a.m.32 views

Cross site scripting

Cross-site scripting XSS vulnerability in the i18n translations helper method in Ruby on Rails 3.0.x before 3.0.11 and 3.1.x before 3.1.2, and the railsxss plugin in Ruby on Rails 2.3.x, allows remote attackers to inject arbitrary web script or HTML via vectors related to a translations string...

4.3CVSS6AI score0.01638EPSS
Exploits0References9Affected Software2
Debian CVE
Debian CVE
added 2011/11/28 11:0 a.m.75 views

CVE-2011-4319

Cross-site scripting XSS vulnerability in the i18n translations helper method in Ruby on Rails 3.0.x before 3.0.11 and 3.1.x before 3.1.2, and the railsxss plugin in Ruby on Rails 2.3.x, allows remote attackers to inject arbitrary web script or HTML via vectors related to a translations string...

4.3CVSS5.5AI score0.01638EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2011/08/29 6:55 p.m.32 views

CVE-2011-2931

Cross-site scripting XSS vulnerability in the striptags helper in actionpack/lib/actioncontroller/vendor/html-scanner/html/node.rb in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a tag with an inval...

4.3CVSS7.2AI score0.02492EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2011/08/29 6:55 p.m.35 views

CVE-2011-2929

The template selection functionality in actionpack/lib/actionview/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a "filter skipping...

5CVSS6AI score0.01813EPSS
Exploits0References4
Rows per page
Query Builder