Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rubyonrails rails 1.1.1 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2006-4112
Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 up to and including 1.1.5 allows remote malicious users to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of servic...
Rubyonrails Rails 1.1.0
Rubyonrails Rails 1.1.1
Rubyonrails Rails 1.1.2
Rubyonrails Rails 1.1.3
Rubyonrails Rails 1.1.4
NA
CVE-2012-2694
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails prior to 3.0.14, 3.1.x prior to 3.1.6, and 3.2.x prior to 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote malicious u...
Rubyonrails Rails 3.0.12
Rubyonrails Rails 3.0.0
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.4
Rubyonrails Rails 3.0.7
Rubyonrails Rails 3.0.9
Rubyonrails Ruby On Rails
Rubyonrails Rails 3.0.13
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.11
Rubyonrails Rails 3.0.10
Rubyonrails Rails 3.0.5
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.2
Rubyonrails Rails 3.1.4
Rubyonrails Rails 3.1.5
Rubyonrails Rails 3.1.1
Rubyonrails Rails 3.1.3
1 Github repository
NA
CVE-2012-3424
The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x prior to 3.0.16, 3.1.x prior to 3.1.7, and 3.2.x prior to 3.2.7 converts Digest Authentication strings to symbols, which allows remote malicious users to cause a de...
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.5
Rubyonrails Rails 3.0.7
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.9
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.13
Rubyonrails Rails 3.0.11
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.4
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.12
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.0.10
Rubyonrails Rails 3.0.14
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.1
Rubyonrails Rails 3.1.2
Rubyonrails Rails 3.1.5
Rubyonrails Rails 3.1.6
Rubyonrails Rails 3.1.3
NA
CVE-2013-0276
ActiveRecord in Ruby on Rails prior to 2.3.17, 3.1.x prior to 3.1.11, and 3.2.x prior to 3.2.12 allows remote malicious users to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request.
Rubyonrails Rails 3.2.7
Rubyonrails Rails 3.2.9
Rubyonrails Rails 3.2.3
Rubyonrails Rails 3.2.11
Rubyonrails Rails 3.2.8
Rubyonrails Rails 3.2.4
Rubyonrails Rails 3.2.6
Rubyonrails Rails 3.2.5
Rubyonrails Rails 3.2.0
Rubyonrails Rails 3.2.1
Rubyonrails Rails 3.2.2
Rubyonrails Rails 3.2.10
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.3
Rubyonrails Rails 3.1.1
Rubyonrails Rails 3.1.4
Rubyonrails Rails 3.1.5
Rubyonrails Rails 3.1.2
Rubyonrails Rails 3.1.6
Rubyonrails Rails 3.1.9
Rubyonrails Rails 3.1.8
Rubyonrails Rails 3.1.7
3 Github repositories
NA
CVE-2012-2695
The Active Record component in Ruby on Rails prior to 3.0.14, 3.1.x prior to 3.1.6, and 3.2.x prior to 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote malicious users to conduct certain SQL injection at...
Rubyonrails Rails 3.0.13
Rubyonrails Rails 3.0.12
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.3
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.7
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.9
Rubyonrails Ruby On Rails
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.11
Rubyonrails Rails 3.0.4
Rubyonrails Rails 3.0.10
Rubyonrails Rails 3.0.5
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.5
Rubyonrails Rails 3.1.1
Rubyonrails Rails 3.1.4
Rubyonrails Rails 3.1.2
Rubyonrails Rails 3.1.3
NA
CVE-2012-2660
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails prior to 3.0.13, 3.1.x prior to 3.1.5, and 3.2.x prior to 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote malicious u...
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.7
Rubyonrails Rails 3.0.9
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.12
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.5
Rubyonrails Rails 3.0.11
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.13
Rubyonrails Rails 3.0.4
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.0.10
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.1
Rubyonrails Rails 3.1.2
Rubyonrails Rails 3.1.4
Rubyonrails Rails 3.1.5
Rubyonrails Rails 3.1.3
Rubyonrails Rails 3.2.3
1 Github repository
NA
CVE-2012-2661
The Active Record component in Ruby on Rails 3.0.x prior to 3.0.13, 3.1.x prior to 3.1.5, and 3.2.x prior to 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote malicious users to conduct certain SQL inject...
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.5
Rubyonrails Rails 3.0.7
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.9
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.12
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.11
Rubyonrails Rails 3.0.4
Rubyonrails Rails 3.0.13
Rubyonrails Rails 3.0.10
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.2
Rubyonrails Rails 3.1.5
Rubyonrails Rails 3.1.4
Rubyonrails Rails 3.1.1
Rubyonrails Rails 3.1.3
Rubyonrails Rails 3.2.4
2 Github repositories
NA
CVE-2012-3463
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x prior to 3.0.17, 3.1.x prior to 3.1.8, and 3.2.x prior to 3.2.8 allows remote malicious users to inject arbitrary web script or HTML via the prompt field to the ...
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.9
Rubyonrails Rails 3.0.4
Rubyonrails Rails 3.0.12
Rubyonrails Rails 3.0.13
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.14
Rubyonrails Rails 3.0.16
Rubyonrails Rails 3.0.7
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.11
Rubyonrails Rails 3.0.5
Rubyonrails Rails 3.0.10
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.2
Rubyonrails Rails 3.1.6
Rubyonrails Rails 3.1.4
Rubyonrails Rails 3.1.1
NA
CVE-2012-3464
Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails prior to 3.0.17, 3.1.x prior to 3.1.8, and 3.2.x prior to 3.2.8 might allow remote malicious users to inject arbitrary web script or HTML via vectors inv...
Rubyonrails Rails 3.0.14
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.7
Rubyonrails Rails 3.0.5
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.10
Rubyonrails Rails 3.0.12
Rubyonrails Rails 3.0.11
Rubyonrails Rails 3.0.0
Rubyonrails Rails 2.1.1
Rubyonrails Rails 2.1.2
Rubyonrails Rails 2.0.0
Rubyonrails Rails 2.3.3
Rubyonrails Rails 1.2.4
Rubyonrails Rails 1.2.3
Rubyonrails Rails 1.1.3
Rubyonrails Rails 1.1.2
Rubyonrails Rails 0.9.2
Rubyonrails Rails 0.9.3
Rubyonrails Rails 3.0.9
NA
CVE-2012-3465
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails prior to 3.0.17, 3.1.x prior to 3.1.8, and 3.2.x prior to 3.2.8 allows remote malicious users to inject arbitrary web script or HTML via mal...
Rubyonrails Rails 3.0.14
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.9
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.0.11
Rubyonrails Rails 3.0.0
Rubyonrails Ruby On Rails
Rubyonrails Rails 2.1.2
Rubyonrails Rails 2.1.0
Rubyonrails Rails 2.0.0
Rubyonrails Rails 2.3.3
Rubyonrails Rails 1.2.4
Rubyonrails Rails 1.2.3
Rubyonrails Rails 1.2.2
Rubyonrails Rails 1.1.2
Rubyonrails Rails 1.1.1
Rubyonrails Rails 0.9.2
Rubyonrails Rails 0.9.3
Rubyonrails Ruby On Rails 0.5.7
Rubyonrails Ruby On Rails 0.6.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304
CVE-2024-4240
arbitrary
CVE-2024-31601
XSS
CVE-2023-20198
CVE-2024-4256
CVE-2024-3342
encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »