Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rubyonrails rails 1.1.2 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2006-4112
Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 up to and including 1.1.5 allows remote malicious users to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of servic...
Rubyonrails Rails 1.1.0
Rubyonrails Rails 1.1.1
Rubyonrails Rails 1.1.2
Rubyonrails Rails 1.1.3
Rubyonrails Rails 1.1.4
5
CVSSv2
CVE-2008-5189
CRLF injection vulnerability in Ruby on Rails prior to 2.0.5 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.
Rubyonrails Rails 2.0.1
Rubyonrails Rails 2.0.0
Rubyonrails Rails 1.2.4
Rubyonrails Rails 1.2.2
Rubyonrails Rails 1.1.2
Rubyonrails Rails 1.1.0
Rubyonrails Rails 0.9.3
Rubyonrails Rails 0.9.4.1
Rubyonrails Ruby On Rails 0.5.7
Rubyonrails Ruby On Rails 0.6.5
Rubyonrails Rails 0.13.1
Rubyonrails Rails 0.14.2
Rubyonrails Ruby On Rails
Rubyonrails Rails 1.2.0
Rubyonrails Rails 1.1.6
Rubyonrails Rails 1.1.5
Rubyonrails Rails 1.1.4
Rubyonrails Rails 0.14.4
Rubyonrails Ruby On Rails 0.5.0
Rubyonrails Ruby On Rails 0.5.5
Rubyonrails Ruby On Rails 0.5.6
Rubyonrails Rails 0.11.0
7.5
CVSSv2
CVE-2006-4111
Ruby on Rails prior to 1.1.5 allows remote malicious users to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112.
Rubyonrails Ruby On Rails 0.8.0
Rubyonrails Ruby On Rails 0.9.0
Rubyonrails Ruby On Rails 0.5.0
Rubyonrails Ruby On Rails 0.5.6
Rubyonrails Rails 0.12.0
Rubyonrails Rails 0.13.0
Rubyonrails Rails 0.14.1
Rubyonrails Rails 0.11.0
Rubyonrails Rails 1.1.3
Rubyonrails Rails 1.1.2
Rubyonrails Rails 1.1.1
Rubyonrails Rails 1.1.0
Rubyonrails Rails 1.0.0
Rubyonrails Ruby On Rails 0.5.7
Rubyonrails Ruby On Rails 0.6.0
Rubyonrails Ruby On Rails 0.6.5
Rubyonrails Ruby On Rails 0.7.0
Rubyonrails Rails 0.9.2
Rubyonrails Rails 0.9.3
Rubyonrails Rails 0.9.4
Rubyonrails Rails 0.9.4.1
Rubyonrails Rails 0.13.1
4.3
CVSSv2
CVE-2009-4214
Cross-site scripting (XSS) vulnerability in the strip_tags function in Ruby on Rails prior to 2.2.s, and 2.3.x prior to 2.3.5, allows remote malicious users to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to HTML::Tokenizer and ...
Rubyonrails Rails 2.3.2
Rubyonrails Rails 2.3.3
Rubyonrails Rails 2.3.4
Rubyonrails Rails 1.9.5
Rubyonrails Rails 1.2.5
Rubyonrails Rails 1.1.5
Rubyonrails Rails 1.1.3
Rubyonrails Ruby On Rails 0.8.0
Rubyonrails Ruby On Rails 0.9.0
Rubyonrails Ruby On Rails 0.5.0
Rubyonrails Ruby On Rails 0.5.6
Rubyonrails Rails 0.13.0
Rubyonrails Rails 0.14.1
Rubyonrails Rails 0.11.0
Rubyonrails Rails 2.1.1
Rubyonrails Rails 2.0.4
Rubyonrails Rails 2.0.0
Rubyonrails Rails 2.0.1
Rubyonrails Rails 1.1.2
Rubyonrails Rails 1.1.1
Rubyonrails Rails 1.1.0
Rubyonrails Rails 1.0.0
7.5
CVSSv2
CVE-2008-4094
Multiple SQL injection vulnerabilities in Ruby on Rails prior to 2.1.1 allow remote malicious users to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer.
Rubyonrails Rails 2.1.0
Rubyonrails Rails 2.0.2
Rubyonrails Rails 1.2.6
Rubyonrails Rails 1.2.5
Rubyonrails Rails 1.1.4
Rubyonrails Rails 1.1.3
Rubyonrails Ruby On Rails 0.9.0
Rubyonrails Rails 0.9.1
Rubyonrails Ruby On Rails 0.5.5
Rubyonrails Ruby On Rails 0.5.6
Rubyonrails Rails 0.12.1
Rubyonrails Rails 0.14.1
Rubyonrails Ruby On Rails
Rubyonrails Rails 2.0.0
Rubyonrails Rails 1.9.5
Rubyonrails Rails 1.2.0
Rubyonrails Rails 1.1.6
Rubyonrails Rails 1.1.5
Rubyonrails Ruby On Rails 0.8.0
Rubyonrails Ruby On Rails 0.8.5
Rubyonrails Rails 0.14.4
Rubyonrails Ruby On Rails 0.5.0
4.3
CVSSv2
CVE-2012-3464
Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails prior to 3.0.17, 3.1.x prior to 3.1.8, and 3.2.x prior to 3.2.8 might allow remote malicious users to inject arbitrary web script or HTML via vectors inv...
Rubyonrails Rails 3.0.14
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.7
Rubyonrails Rails 3.0.5
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.10
Rubyonrails Rails 3.0.12
Rubyonrails Rails 3.0.11
Rubyonrails Rails 3.0.0
Rubyonrails Rails 2.1.1
Rubyonrails Rails 2.1.2
Rubyonrails Rails 2.0.0
Rubyonrails Rails 2.3.3
Rubyonrails Rails 1.2.4
Rubyonrails Rails 1.2.3
Rubyonrails Rails 1.1.3
Rubyonrails Rails 1.1.2
Rubyonrails Rails 0.9.2
Rubyonrails Rails 0.9.3
Rubyonrails Rails 3.0.9
4.3
CVSSv2
CVE-2012-3465
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails prior to 3.0.17, 3.1.x prior to 3.1.8, and 3.2.x prior to 3.2.8 allows remote malicious users to inject arbitrary web script or HTML via mal...
Rubyonrails Rails 3.0.14
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.9
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.0.11
Rubyonrails Rails 3.0.0
Rubyonrails Ruby On Rails
Rubyonrails Rails 2.1.2
Rubyonrails Rails 2.1.0
Rubyonrails Rails 2.0.0
Rubyonrails Rails 2.3.3
Rubyonrails Rails 1.2.4
Rubyonrails Rails 1.2.3
Rubyonrails Rails 1.2.2
Rubyonrails Rails 1.1.2
Rubyonrails Rails 1.1.1
Rubyonrails Rails 0.9.2
Rubyonrails Rails 0.9.3
Rubyonrails Ruby On Rails 0.5.7
Rubyonrails Ruby On Rails 0.6.0
4.3
CVSSv2
CVE-2013-1855
The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails prior to 2.3.18, 3.0.x and 3.1.x prior to 3.1.12, and 3.2.x prior to 3.2.13 does not properly handle \n (newline) characters, which makes it easier...
Rubyonrails Rails 3.2.0
Rubyonrails Rails 3.2.7
Rubyonrails Rails 3.2.8
Rubyonrails Rails 3.2.9
Rubyonrails Rails 3.2.1
Rubyonrails Rails 3.2.5
Rubyonrails Rails 3.2.6
Rubyonrails Rails 3.2.10
Rubyonrails Rails 3.2.11
Rubyonrails Rails 3.2.12
Rubyonrails Rails 3.2.2
Rubyonrails Rails 3.2.3
Rubyonrails Rails 3.2.4
Rubyonrails Ruby On Rails 0.8.0
Rubyonrails Ruby On Rails 0.5.7
Rubyonrails Ruby On Rails 0.7.0
Rubyonrails Ruby On Rails
Rubyonrails Rails 1.2.4
Rubyonrails Ruby On Rails 0.8.5
Rubyonrails Ruby On Rails 0.6.0
Rubyonrails Ruby On Rails 0.5.6
Rubyonrails Ruby On Rails 0.9.0
4.3
CVSSv2
CVE-2013-1857
The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails prior to 2.3.18, 3.0.x and 3.1.x prior to 3.1.12, and 3.2.x prior to 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes ...
Redhat Enterprise Linux 6.0
Rubyonrails Rails 2.3.15
Rubyonrails Rails 2.3.2
Rubyonrails Rails 2.3.0
Rubyonrails Rails 2.3.9
Rubyonrails Rails 2.0.0
Rubyonrails Ruby On Rails
Rubyonrails Rails 2.3.11
Rubyonrails Rails 2.3.12
Rubyonrails Rails 2.3.10
Rubyonrails Rails 2.2.1
Rubyonrails Rails 2.1.1
Rubyonrails Rails 2.1.2
Rubyonrails Rails 2.1.0
Rubyonrails Rails 1.2.1
Rubyonrails Rails 1.2.0
Rubyonrails Rails 1.1.6
Rubyonrails Rails 1.1.5
Rubyonrails Rails 0.9.4.1
Rubyonrails Rails 0.14.4
Rubyonrails Ruby On Rails 0.5.0
Rubyonrails Ruby On Rails 0.5.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started