Vulmon
rubyonrails vulnerabilities and exploits
7.5
CVSSv2
CVE-2013-0156
active_support/core_ext/hash/conversions.rb in Ruby on Rails prior to 2.3.15, 3.0.x prior to 3.0.19, 3.1.x prior to 3.1.10, and 3.2.x prior to 3.2.11 does not properly restrict casts of string values, which allows remote malicious users to conduct object-injection attacks and exe...
Rubyonrails Ruby On Rails
Rubyonrails Rails
Debian Debian Linux 7.0
Debian Debian Linux 6.0
2 EDB exploits
2 Metasploit modules
2 Nmap scripts
11 Github repositories
3 Articles
6.4
CVSSv2
CVE-2013-0155
Ruby on Rails 3.0.x prior to 3.0.19, 3.1.x prior to 3.1.10, and 3.2.x prior to 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote malicious users to bypass intended database-quer...
Rubyonrails Ruby On Rails
Rubyonrails Rails
Debian Debian Linux 6.0
2 Github repositories
7.5
CVSSv2
CVE-2012-6496
SQL injection vulnerability in the Active Record component in Ruby on Rails prior to 3.0.18, 3.1.x prior to 3.1.9, and 3.2.x prior to 3.2.10 allows remote malicious users to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders ...
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.2
Rubyonrails Rails 3.1.4
Rubyonrails Rails 3.1.7
Rubyonrails Rails 3.1.1
Rubyonrails Rails 3.1.8
Rubyonrails Rails 3.1.3
Rubyonrails Rails 3.1.5
Rubyonrails Rails 3.1.6
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.6
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.7
Rubyonrails Rails 3.0.9
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.12
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.5
Rubyonrails Rails 3.0.14
Rubyonrails Rails 3.0.10
Rubyonrails Rails 3.0.4
Rubyonrails Rails 3.0.2
5
CVSSv2
CVE-2012-6497
The Authlogic gem for Ruby on Rails, when used with certain versions prior to 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote malicious users to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a know...
Rubyonrails Rails
4.3
CVSSv2
CVE-2012-3463
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x prior to 3.0.17, 3.1.x prior to 3.1.8, and 3.2.x prior to 3.2.8 allows remote malicious users to inject arbitrary web script or HTML via the prompt field to the ...
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.9
Rubyonrails Rails 3.0.4
Rubyonrails Rails 3.0.12
Rubyonrails Rails 3.0.13
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.14
Rubyonrails Rails 3.0.16
Rubyonrails Rails 3.0.7
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.11
Rubyonrails Rails 3.0.5
Rubyonrails Rails 3.0.10
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.2
Rubyonrails Rails 3.1.6
Rubyonrails Rails 3.1.4
Rubyonrails Rails 3.1.1
4.3
CVSSv2
CVE-2012-3464
Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails prior to 3.0.17, 3.1.x prior to 3.1.8, and 3.2.x prior to 3.2.8 might allow remote malicious users to inject arbitrary web script or HTML via vectors inv...
Rubyonrails Rails 3.0.14
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.7
Rubyonrails Rails 3.0.5
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.10
Rubyonrails Rails 3.0.12
Rubyonrails Rails 3.0.11
Rubyonrails Rails 3.0.0
Rubyonrails Rails 2.1.1
Rubyonrails Rails 2.1.2
Rubyonrails Rails 2.0.0
Rubyonrails Rails 2.3.3
Rubyonrails Rails 1.2.4
Rubyonrails Rails 1.2.3
Rubyonrails Rails 1.1.3
Rubyonrails Rails 1.1.2
Rubyonrails Rails 0.9.2
Rubyonrails Rails 0.9.3
Rubyonrails Rails 3.0.9
4.3
CVSSv2
CVE-2012-3465
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails prior to 3.0.17, 3.1.x prior to 3.1.8, and 3.2.x prior to 3.2.8 allows remote malicious users to inject arbitrary web script or HTML via mal...
Rubyonrails Rails 3.0.14
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.9
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.0.11
Rubyonrails Rails 3.0.0
Rubyonrails Ruby On Rails
Rubyonrails Rails 2.1.2
Rubyonrails Rails 2.1.0
Rubyonrails Rails 2.0.0
Rubyonrails Rails 2.3.3
Rubyonrails Rails 1.2.4
Rubyonrails Rails 1.2.3
Rubyonrails Rails 1.2.2
Rubyonrails Rails 1.1.2
Rubyonrails Rails 1.1.1
Rubyonrails Rails 0.9.2
Rubyonrails Rails 0.9.3
Rubyonrails Ruby On Rails 0.5.7
Rubyonrails Ruby On Rails 0.6.0
5
CVSSv2
CVE-2012-3424
The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x prior to 3.0.16, 3.1.x prior to 3.1.7, and 3.2.x prior to 3.2.7 converts Digest Authentication strings to symbols, which allows remote malicious users to cause a de...
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.5
Rubyonrails Rails 3.0.7
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.9
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.13
Rubyonrails Rails 3.0.11
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.4
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.12
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.0.10
Rubyonrails Rails 3.0.14
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.1
Rubyonrails Rails 3.1.2
Rubyonrails Rails 3.1.5
Rubyonrails Rails 3.1.6
Rubyonrails Rails 3.1.3
4.3
CVSSv2
CVE-2012-2694
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails prior to 3.0.14, 3.1.x prior to 3.1.6, and 3.2.x prior to 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote malicious u...
Rubyonrails Rails 3.0.12
Rubyonrails Rails 3.0.0
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.4
Rubyonrails Rails 3.0.7
Rubyonrails Rails 3.0.9
Rubyonrails Ruby On Rails
Rubyonrails Rails 3.0.13
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.11
Rubyonrails Rails 3.0.10
Rubyonrails Rails 3.0.5
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.2
Rubyonrails Rails 3.1.4
Rubyonrails Rails 3.1.5
Rubyonrails Rails 3.1.1
Rubyonrails Rails 3.1.3
1 Github repository
7.5
CVSSv2
CVE-2012-2695
The Active Record component in Ruby on Rails prior to 3.0.14, 3.1.x prior to 3.1.6, and 3.2.x prior to 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote malicious users to conduct certain SQL injection at...
Rubyonrails Rails 3.0.13
Rubyonrails Rails 3.0.12
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.3
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.7
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.9
Rubyonrails Ruby On Rails
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.11
Rubyonrails Rails 3.0.4
Rubyonrails Rails 3.0.10
Rubyonrails Rails 3.0.5
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.5
Rubyonrails Rails 3.1.1
Rubyonrails Rails 3.1.4
Rubyonrails Rails 3.1.2
Rubyonrails Rails 3.1.3