Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rubyonrails ruby on rails vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2017-17920
SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and previous versions allows remote malicious users to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states tha...
Rubyonrails Ruby On Rails
668
VMScore
CVE-2012-2695
The Active Record component in Ruby on Rails prior to 3.0.14, 3.1.x prior to 3.1.6, and 3.2.x prior to 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote malicious users to conduct certain SQL injection at...
Rubyonrails Rails 3.0.13
Rubyonrails Rails 3.0.12
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.3
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.7
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.9
Rubyonrails Ruby On Rails
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.11
Rubyonrails Rails 3.0.4
Rubyonrails Rails 3.0.10
Rubyonrails Rails 3.0.5
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.5
Rubyonrails Rails 3.1.1
Rubyonrails Rails 3.1.4
Rubyonrails Rails 3.1.2
Rubyonrails Rails 3.1.3
445
VMScore
CVE-2016-2097
Directory traversal vulnerability in Action View in Ruby on Rails prior to 3.2.22.2 and 4.x prior to 4.1.14.2 allows remote malicious users to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname...
Rubyonrails Rails 4.0.4
Rubyonrails Rails 4.1.9
Rubyonrails Rails 4.1.4
Rubyonrails Rails 4.1.3
Rubyonrails Rails 4.1.12
Rubyonrails Rails 4.1.10
Rubyonrails Rails 4.1.0
Rubyonrails Rails 4.0.6
Rubyonrails Rails 4.0.5
Rubyonrails Rails 4.0.1
Rubyonrails Ruby On Rails
Rubyonrails Rails 4.1.6
Rubyonrails Rails 4.1.5
Rubyonrails Rails 4.1.14
Rubyonrails Rails 4.1.13
Rubyonrails Rails 4.0.10
Rubyonrails Rails 4.0.0
Rubyonrails Rails 4.1.7
Rubyonrails Rails 4.1.2
Rubyonrails Rails 4.1.1
Rubyonrails Rails 4.0.8
Rubyonrails Rails 4.0.7
383
VMScore
CVE-2012-2694
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails prior to 3.0.14, 3.1.x prior to 3.1.6, and 3.2.x prior to 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote malicious u...
Rubyonrails Rails 3.0.12
Rubyonrails Rails 3.0.0
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.4
Rubyonrails Rails 3.0.7
Rubyonrails Rails 3.0.9
Rubyonrails Ruby On Rails
Rubyonrails Rails 3.0.13
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.11
Rubyonrails Rails 3.0.10
Rubyonrails Rails 3.0.5
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.2
Rubyonrails Rails 3.1.4
Rubyonrails Rails 3.1.5
Rubyonrails Rails 3.1.1
Rubyonrails Rails 3.1.3
1 Github repository
445
VMScore
CVE-2011-2929
The template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x prior to 3.0.10 and 3.1.x prior to 3.1.0.rc6 does not properly handle glob characters, which allows remote malicious users to render arbitrary views via a crafted URL, r...
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.4
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.9
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.7
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.10
Rubyonrails Rails 3.0.5
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.1.0
873
VMScore
CVE-2013-0156
active_support/core_ext/hash/conversions.rb in Ruby on Rails prior to 2.3.15, 3.0.x prior to 3.0.19, 3.1.x prior to 3.1.10, and 3.2.x prior to 3.2.11 does not properly restrict casts of string values, which allows remote malicious users to conduct object-injection attacks and exe...
Rubyonrails Ruby On Rails
Rubyonrails Rails
Debian Debian Linux 7.0
Debian Debian Linux 6.0
2 EDB exploits
2 Metasploit modules
2 Nmap scripts
11 Github repositories
3 Articles
668
VMScore
CVE-2012-6496
SQL injection vulnerability in the Active Record component in Ruby on Rails prior to 3.0.18, 3.1.x prior to 3.1.9, and 3.2.x prior to 3.2.10 allows remote malicious users to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders ...
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.2
Rubyonrails Rails 3.1.4
Rubyonrails Rails 3.1.7
Rubyonrails Rails 3.1.1
Rubyonrails Rails 3.1.8
Rubyonrails Rails 3.1.3
Rubyonrails Rails 3.1.5
Rubyonrails Rails 3.1.6
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.6
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.7
Rubyonrails Rails 3.0.9
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.12
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.5
Rubyonrails Rails 3.0.14
Rubyonrails Rails 3.0.10
Rubyonrails Rails 3.0.4
Rubyonrails Rails 3.0.2
446
VMScore
CVE-2014-7829
Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x prior to 3.2.21, 4.0.x prior to 4.0.12, 4.1.x prior to 4.1.8, and 4.2.x prior to 4.2.0.beta4, when serve_static_assets is enabled, allows remote malicious ...
Opensuse Opensuse 12.3
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.10
Rubyonrails Rails 3.0.14
Rubyonrails Rails 3.0.16
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.4
Rubyonrails Rails 3.0.7
Rubyonrails Rails 3.0.9
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.1
Rubyonrails Rails 3.1.4
Rubyonrails Rails 3.1.5
Rubyonrails Rails 3.2.0
Rubyonrails Rails 3.2.15
Rubyonrails Rails 3.2.16
Rubyonrails Rails 3.2.3
Rubyonrails Rails 4.0.0
Rubyonrails Rails 4.0.1
758
VMScore
CVE-2016-2098
Action Pack in Ruby on Rails prior to 3.2.22.2, 4.x prior to 4.1.14.2, and 4.2.x prior to 4.2.5.2 allows remote malicious users to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.
Debian Debian Linux 8.0
Rubyonrails Rails 4.2.4
Rubyonrails Rails 4.2.3
Rubyonrails Rails 4.2.1
Rubyonrails Rails 4.2.0
Rubyonrails Rails 4.0.0
Rubyonrails Rails 4.1.9
Rubyonrails Rails 4.1.3
Rubyonrails Rails 4.1.2
Rubyonrails Rails 4.1.12
Rubyonrails Rails 4.1.10
Rubyonrails Rails 4.1.0
Rubyonrails Rails 4.0.6
Rubyonrails Rails 4.0.5
Rubyonrails Rails 4.0.1
Rubyonrails Ruby On Rails
Rubyonrails Rails 4.2.5
Rubyonrails Rails 4.1.5
Rubyonrails Rails 4.1.4
Rubyonrails Rails 4.1.14
Rubyonrails Rails 4.1.13
Rubyonrails Rails 4.0.10
1 EDB exploit
10 Github repositories
445
VMScore
CVE-2013-1854
The Active Record component in Ruby on Rails 2.3.x prior to 2.3.18, 3.1.x prior to 3.1.12, and 3.2.x prior to 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote malicious users to cause a denial of service via crafted input to a where method.
Rubyonrails Ruby On Rails 2.3.17
Rubyonrails Ruby On Rails 3.1.11
Rubyonrails Rails 2.3.0
Rubyonrails Rails 2.3.1
Rubyonrails Rails 2.3.2
Rubyonrails Rails 2.3.3
Rubyonrails Rails 2.3.4
Rubyonrails Rails 2.3.9
Rubyonrails Rails 2.3.10
Rubyonrails Rails 2.3.11
Rubyonrails Rails 2.3.12
Rubyonrails Rails 2.3.13
Rubyonrails Rails 2.3.14
Rubyonrails Rails 2.3.15
Rubyonrails Rails 2.3.16
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.1
Rubyonrails Rails 3.1.2
Rubyonrails Rails 3.1.4
Rubyonrails Rails 3.1.5
Rubyonrails Rails 3.2.0
Rubyonrails Rails 3.2.7
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »