Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rubyonrails rails vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2011-3187
The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote malicious users to inject arbitrary text into log files or by...
Rubyonrails Rails 3.0.5
1 EDB exploit
NA
CVE-2011-3186
CRLF injection vulnerability in actionpack/lib/action_controller/response.rb in Ruby on Rails 2.3.x prior to 2.3.13 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header.
Rubyonrails Rails 2.3.2
Rubyonrails Rails 2.3.3
Rubyonrails Rails 2.3.4
Rubyonrails Rails 2.3.9
Rubyonrails Rails 2.3.10
Rubyonrails Rails 2.3.11
Rubyonrails Rails 2.3.12
NA
CVE-2011-2197
The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x prior to 2.3.12, 3.0.x prior to 3.0.8, and 3.1.x prior to 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote malicious users to conduct XSS attacks via crafted string...
Rubyonrails Rails 2.0.1
Rubyonrails Rails 2.0.2
Rubyonrails Rails 2.0.4
Rubyonrails Rails 2.1.0
Rubyonrails Rails 2.1.1
Rubyonrails Rails 2.1.2
Rubyonrails Rails 2.2.0
Rubyonrails Rails 2.2.1
Rubyonrails Rails 2.2.2
Rubyonrails Rails 2.3.2
Rubyonrails Rails 2.3.3
Rubyonrails Rails 2.3.4
Rubyonrails Rails 2.3.9
Rubyonrails Rails 2.3.10
Rubyonrails Rails 2.3.11
Rubyonrails Rails 2.0.0
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.0.4
NA
CVE-2011-0449
actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x prior to 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote malicious users to bypass intended access re...
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.0.4
NA
CVE-2011-0448
Ruby on Rails 3.0.x prior to 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote malicious users to conduct SQL injection attacks via a non-numeric argument.
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.0.4
NA
CVE-2011-0447
Ruby on Rails 2.1.x, 2.2.x, and 2.3.x prior to 2.3.11, and 3.x prior to 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote malicious users to conduct cross-site request forgery (CSRF) attacks via forged (1) AJ...
Rubyonrails Rails 2.1.0
Rubyonrails Rails 2.1.1
Rubyonrails Rails 2.1.2
Rubyonrails Rails 2.2.0
Rubyonrails Rails 2.2.1
Rubyonrails Rails 2.2.2
Rubyonrails Rails 2.3.2
Rubyonrails Rails 2.3.3
Rubyonrails Rails 2.3.4
Rubyonrails Rails 2.3.9
Rubyonrails Rails 2.3.10
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.0.4
NA
CVE-2011-0446
Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails prior to 2.3.11, and 3.x prior to 3.0.4, when javascript encoding is used, allow remote malicious users to inject arbitrary web script or HTML via a crafted (1) name or (2) email value.
Rubyonrails Rails 2.0.1
Rubyonrails Rails 2.0.2
Rubyonrails Rails 2.0.4
Rubyonrails Rails 2.1.0
Rubyonrails Rails 2.1.1
Rubyonrails Rails 2.1.2
Rubyonrails Rails 2.2.0
Rubyonrails Rails 2.2.1
Rubyonrails Rails 2.2.2
Rubyonrails Rails 2.3.2
Rubyonrails Rails 2.3.3
Rubyonrails Rails 2.3.4
Rubyonrails Rails 2.3.9
Rubyonrails Rails 2.3.10
Rubyonrails Rails 2.0.0
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.0.4
NA
CVE-2010-3933
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote malicious users to modify arbitrary records by changing the names of parameters for form inputs.
Rubyonrails Rails 2.3.9
Rubyonrails Rails 3.0.0
NA
CVE-2008-7248
Ruby on Rails 2.1 prior to 2.1.3 and 2.2.x prior to 2.2.2 does not verify tokens for requests with certain content types, which allows remote malicious users to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demon...
Rubyonrails Rails 2.1.0
Rubyonrails Rails 2.1.1
Rubyonrails Rails 2.1.2
Rubyonrails Rails 2.2.0
Rubyonrails Rails 2.2.1
1 EDB exploit
NA
CVE-2009-4214
Cross-site scripting (XSS) vulnerability in the strip_tags function in Ruby on Rails prior to 2.2.s, and 2.3.x prior to 2.3.5, allows remote malicious users to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to HTML::Tokenizer and ...
Rubyonrails Rails 2.3.2
Rubyonrails Rails 2.3.3
Rubyonrails Rails 2.3.4
Rubyonrails Ruby On Rails 0.8.0
Rubyonrails Ruby On Rails
Rubyonrails Ruby On Rails 0.5.7
Rubyonrails Ruby On Rails 0.7.0
Rubyonrails Rails 1.2.4
Rubyonrails Ruby On Rails 0.8.5
Rubyonrails Ruby On Rails 0.6.0
Rubyonrails Ruby On Rails 0.5.6
Rubyonrails Ruby On Rails 0.9.0
Rubyonrails Ruby On Rails 0.5.5
Rubyonrails Ruby On Rails 0.5.0
Rubyonrails Ruby On Rails 0.6.5
Rubyonrails Rails 0.9.1
Rubyonrails Rails 0.9.2
Rubyonrails Rails 0.9.3
Rubyonrails Rails 0.9.4
Rubyonrails Rails 0.9.4.1
Rubyonrails Rails 0.10.0
Rubyonrails Rails 0.10.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »