Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rubyonrails rails 3.2.6 vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2013-4389
Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x prior to 3.2.15 allow remote malicious users to cause a denial of service via a crafted e-mail address that is improperly handled during constru...
Rubyonrails Rails
Opensuse Opensuse 12.3
Opensuse Opensuse 12.2
Opensuse Opensuse 13.1
Debian Debian Linux 7.0
383
VMScore
CVE-2013-1855
The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails prior to 2.3.18, 3.0.x and 3.1.x prior to 3.1.12, and 3.2.x prior to 3.2.13 does not properly handle \n (newline) characters, which makes it easier...
Rubyonrails Rails 3.2.0
Rubyonrails Rails 3.2.7
Rubyonrails Rails 3.2.8
Rubyonrails Rails 3.2.9
Rubyonrails Rails 3.2.1
Rubyonrails Rails 3.2.5
Rubyonrails Rails 3.2.6
Rubyonrails Rails 3.2.10
Rubyonrails Rails 3.2.11
Rubyonrails Rails 3.2.12
Rubyonrails Rails 3.2.2
Rubyonrails Rails 3.2.3
Rubyonrails Rails 3.2.4
Rubyonrails Ruby On Rails 0.8.0
Rubyonrails Ruby On Rails 0.5.7
Rubyonrails Ruby On Rails 0.7.0
Rubyonrails Ruby On Rails
Rubyonrails Rails 1.2.4
Rubyonrails Ruby On Rails 0.8.5
Rubyonrails Ruby On Rails 0.6.0
Rubyonrails Ruby On Rails 0.5.6
Rubyonrails Ruby On Rails 0.9.0
383
VMScore
CVE-2013-1857
The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails prior to 2.3.18, 3.0.x and 3.1.x prior to 3.1.12, and 3.2.x prior to 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes ...
Redhat Enterprise Linux 6.0
Rubyonrails Rails 2.3.15
Rubyonrails Rails 2.3.2
Rubyonrails Rails 2.3.0
Rubyonrails Rails 2.3.9
Rubyonrails Rails 2.0.0
Rubyonrails Ruby On Rails
Rubyonrails Rails 2.3.11
Rubyonrails Rails 2.3.12
Rubyonrails Rails 2.3.10
Rubyonrails Rails 2.2.1
Rubyonrails Rails 2.1.1
Rubyonrails Rails 2.1.2
Rubyonrails Rails 2.1.0
Rubyonrails Rails 1.2.1
Rubyonrails Rails 1.2.0
Rubyonrails Rails 1.1.6
Rubyonrails Rails 1.1.5
Rubyonrails Rails 0.9.4.1
Rubyonrails Rails 0.14.4
Rubyonrails Ruby On Rails 0.5.0
Rubyonrails Ruby On Rails 0.5.5
383
VMScore
CVE-2012-3463
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x prior to 3.0.17, 3.1.x prior to 3.1.8, and 3.2.x prior to 3.2.8 allows remote malicious users to inject arbitrary web script or HTML via the prompt field to the ...
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.9
Rubyonrails Rails 3.0.4
Rubyonrails Rails 3.0.12
Rubyonrails Rails 3.0.13
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.14
Rubyonrails Rails 3.0.16
Rubyonrails Rails 3.0.7
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.11
Rubyonrails Rails 3.0.5
Rubyonrails Rails 3.0.10
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.2
Rubyonrails Rails 3.1.6
Rubyonrails Rails 3.1.4
Rubyonrails Rails 3.1.1
383
VMScore
CVE-2012-3464
Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails prior to 3.0.17, 3.1.x prior to 3.1.8, and 3.2.x prior to 3.2.8 might allow remote malicious users to inject arbitrary web script or HTML via vectors inv...
Rubyonrails Rails 3.0.14
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.7
Rubyonrails Rails 3.0.5
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.10
Rubyonrails Rails 3.0.12
Rubyonrails Rails 3.0.11
Rubyonrails Rails 3.0.0
Rubyonrails Rails 2.1.1
Rubyonrails Rails 2.1.2
Rubyonrails Rails 2.0.0
Rubyonrails Rails 2.3.3
Rubyonrails Rails 1.2.4
Rubyonrails Rails 1.2.3
Rubyonrails Rails 1.1.3
Rubyonrails Rails 1.1.2
Rubyonrails Rails 0.9.2
Rubyonrails Rails 0.9.3
Rubyonrails Rails 3.0.9
383
VMScore
CVE-2012-3465
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails prior to 3.0.17, 3.1.x prior to 3.1.8, and 3.2.x prior to 3.2.8 allows remote malicious users to inject arbitrary web script or HTML via mal...
Rubyonrails Rails 3.0.14
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.9
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.0.11
Rubyonrails Rails 3.0.0
Rubyonrails Ruby On Rails
Rubyonrails Rails 2.1.2
Rubyonrails Rails 2.1.0
Rubyonrails Rails 2.0.0
Rubyonrails Rails 2.3.3
Rubyonrails Rails 1.2.4
Rubyonrails Rails 1.2.3
Rubyonrails Rails 1.2.2
Rubyonrails Rails 1.1.2
Rubyonrails Rails 1.1.1
Rubyonrails Rails 0.9.2
Rubyonrails Rails 0.9.3
Rubyonrails Ruby On Rails 0.5.7
Rubyonrails Ruby On Rails 0.6.0
383
VMScore
CVE-2012-2694
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails prior to 3.0.14, 3.1.x prior to 3.1.6, and 3.2.x prior to 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote malicious u...
Rubyonrails Rails 3.0.12
Rubyonrails Rails 3.0.0
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.4
Rubyonrails Rails 3.0.7
Rubyonrails Rails 3.0.9
Rubyonrails Ruby On Rails
Rubyonrails Rails 3.0.13
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.11
Rubyonrails Rails 3.0.10
Rubyonrails Rails 3.0.5
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.2
Rubyonrails Rails 3.1.4
Rubyonrails Rails 3.1.5
Rubyonrails Rails 3.1.1
Rubyonrails Rails 3.1.3
1 Github repository
383
VMScore
CVE-2011-2932
Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails 2.x prior to 2.3.13, 3.0.x prior to 3.0.10, and 3.1.x prior to 3.1.0.rc5 allows remote malicious users to inject arbitrary web script or HTML via a malfo...
Rubyonrails Rails 2.2.1
Rubyonrails Rails 2.1.1
Rubyonrails Rails 2.1.2
Rubyonrails Rails 2.1.0
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.9
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.3
Rubyonrails Rails 2.2.2
Rubyonrails Rails 2.2.0
Rubyonrails Rails 2.0.4
Rubyonrails Rails 2.3.9
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.1.0
Rubyonrails Rails 2.3.11
Rubyonrails Rails 2.0.1
Rubyonrails Rails 2.0.0
Rubyonrails Rails 2.3.3
Rubyonrails Rails 3.0.7
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2