Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rubyonrails vulnerabilities and exploits
(subscribe to this query)
571
VMScore
CVE-2013-0155
Ruby on Rails 3.0.x prior to 3.0.19, 3.1.x prior to 3.1.10, and 3.2.x prior to 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote malicious users to bypass intended database-quer...
Rubyonrails Ruby On Rails
Rubyonrails Rails
Debian Debian Linux 6.0
2 Github repositories
873
VMScore
CVE-2013-0156
active_support/core_ext/hash/conversions.rb in Ruby on Rails prior to 2.3.15, 3.0.x prior to 3.0.19, 3.1.x prior to 3.1.10, and 3.2.x prior to 3.2.11 does not properly restrict casts of string values, which allows remote malicious users to conduct object-injection attacks and exe...
Rubyonrails Ruby On Rails
Rubyonrails Rails
Debian Debian Linux 7.0
Debian Debian Linux 6.0
2 EDB exploits
2 Metasploit modules
2 Nmap scripts
11 Github repositories
3 Articles
445
VMScore
CVE-2012-6497
The Authlogic gem for Ruby on Rails, when used with certain versions prior to 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote malicious users to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a know...
Rubyonrails Rails
668
VMScore
CVE-2012-6496
SQL injection vulnerability in the Active Record component in Ruby on Rails prior to 3.0.18, 3.1.x prior to 3.1.9, and 3.2.x prior to 3.2.10 allows remote malicious users to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders ...
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.1
Rubyonrails Rails 3.1.2
Rubyonrails Rails 3.1.4
Rubyonrails Rails 3.1.5
Rubyonrails Rails 3.1.3
Rubyonrails Rails 3.1.6
Rubyonrails Rails 3.1.7
Rubyonrails Rails 3.1.8
Rubyonrails Ruby On Rails
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.10
Rubyonrails Rails 3.0.12
Rubyonrails Rails 3.0.13
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.0.11
Rubyonrails Rails 3.0.14
Rubyonrails Rails 3.0.16
Rubyonrails Rails 3.0.4
383
VMScore
CVE-2012-3463
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x prior to 3.0.17, 3.1.x prior to 3.1.8, and 3.2.x prior to 3.2.8 allows remote malicious users to inject arbitrary web script or HTML via the prompt field to the ...
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.10
Rubyonrails Rails 3.0.12
Rubyonrails Rails 3.0.13
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.0.11
Rubyonrails Rails 3.0.14
Rubyonrails Rails 3.0.16
Rubyonrails Rails 3.0.4
Rubyonrails Rails 3.0.5
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.7
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.9
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.1
Rubyonrails Rails 3.1.2
Rubyonrails Rails 3.1.4
Rubyonrails Rails 3.1.5
383
VMScore
CVE-2012-3465
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails prior to 3.0.17, 3.1.x prior to 3.1.8, and 3.2.x prior to 3.2.8 allows remote malicious users to inject arbitrary web script or HTML via mal...
Rubyonrails Ruby On Rails 0.8.0
Rubyonrails Ruby On Rails 0.5.7
Rubyonrails Ruby On Rails 0.7.0
Rubyonrails Rails 1.2.4
Rubyonrails Ruby On Rails 0.8.5
Rubyonrails Ruby On Rails 0.6.0
Rubyonrails Ruby On Rails 0.5.6
Rubyonrails Ruby On Rails 0.9.0
Rubyonrails Ruby On Rails 0.5.5
Rubyonrails Ruby On Rails
Rubyonrails Ruby On Rails 0.5.0
Rubyonrails Ruby On Rails 0.6.5
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 0.9.1
Rubyonrails Rails 0.9.2
Rubyonrails Rails 0.9.3
Rubyonrails Rails 0.9.4
Rubyonrails Rails 0.9.4.1
Rubyonrails Rails 0.10.0
Rubyonrails Rails 0.10.1
Rubyonrails Rails 0.11.0
Rubyonrails Rails 0.11.1
383
VMScore
CVE-2012-3464
Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails prior to 3.0.17, 3.1.x prior to 3.1.8, and 3.2.x prior to 3.2.8 might allow remote malicious users to inject arbitrary web script or HTML via vectors inv...
Rubyonrails Ruby On Rails 0.8.0
Rubyonrails Ruby On Rails 0.5.7
Rubyonrails Ruby On Rails 0.7.0
Rubyonrails Rails 1.2.4
Rubyonrails Ruby On Rails 0.8.5
Rubyonrails Ruby On Rails 0.6.0
Rubyonrails Ruby On Rails 0.5.6
Rubyonrails Ruby On Rails 0.9.0
Rubyonrails Ruby On Rails 0.5.5
Rubyonrails Ruby On Rails
Rubyonrails Ruby On Rails 0.5.0
Rubyonrails Ruby On Rails 0.6.5
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 0.9.1
Rubyonrails Rails 0.9.2
Rubyonrails Rails 0.9.3
Rubyonrails Rails 0.9.4
Rubyonrails Rails 0.9.4.1
Rubyonrails Rails 0.10.0
Rubyonrails Rails 0.10.1
Rubyonrails Rails 0.11.0
Rubyonrails Rails 0.11.1
445
VMScore
CVE-2012-3424
The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x prior to 3.0.16, 3.1.x prior to 3.1.7, and 3.2.x prior to 3.2.7 converts Digest Authentication strings to symbols, which allows remote malicious users to cause a de...
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.10
Rubyonrails Rails 3.0.12
Rubyonrails Rails 3.0.13
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.0.11
Rubyonrails Rails 3.0.14
Rubyonrails Rails 3.0.4
Rubyonrails Rails 3.0.5
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.7
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.9
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.1
Rubyonrails Rails 3.1.2
Rubyonrails Rails 3.1.4
Rubyonrails Rails 3.1.5
Rubyonrails Rails 3.1.3
383
VMScore
CVE-2012-2694
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails prior to 3.0.14, 3.1.x prior to 3.1.6, and 3.2.x prior to 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote malicious u...
Rubyonrails Ruby On Rails
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.10
Rubyonrails Rails 3.0.12
Rubyonrails Rails 3.0.13
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.0.11
Rubyonrails Rails 3.0.4
Rubyonrails Rails 3.0.5
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.7
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.9
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.1
Rubyonrails Rails 3.1.2
Rubyonrails Rails 3.1.4
Rubyonrails Rails 3.1.5
Rubyonrails Rails 3.1.3
1 Github repository
570
VMScore
CVE-2012-2660
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails prior to 3.0.13, 3.1.x prior to 3.1.5, and 3.2.x prior to 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote malicious u...
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.2
Rubyonrails Rails 3.0.10
Rubyonrails Rails 3.0.12
Rubyonrails Rails 3.0.13
Rubyonrails Rails 3.0.3
Rubyonrails Rails 3.0.11
Rubyonrails Rails 3.0.4
Rubyonrails Rails 3.0.5
Rubyonrails Rails 3.0.6
Rubyonrails Rails 3.0.7
Rubyonrails Rails 3.0.8
Rubyonrails Rails 3.0.9
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.1.1
Rubyonrails Rails 3.1.2
Rubyonrails Rails 3.1.4
Rubyonrails Rails 3.1.5
Rubyonrails Rails 3.1.3
Rubyonrails Rails 3.2.0
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »