Download
| Alert*
oval:org.secpod.oval:def:400359
3 Security issues were fixed in rails 2.3 core components. 2 NULL query issues where fixed in the actionpack gem. 1 SQL injection was fixed in the activerecord gem. oval:org.secpod.oval:def:104436 Implements the ActiveRecord pattern for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL. oval:org.secpod.oval:def:104430 Implements the ActiveRecord pattern for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL. oval:org.secpod.oval:def:104651 Implements the ActiveRecord pattern for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL. oval:org.secpod.oval:def:103958 Implements the ActiveRecord pattern for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL. oval:org.secpod.oval:def:103955 Implements the ActiveRecord pattern for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL. oval:org.secpod.oval:def:6302 The host is installed with Ruby on Rails before 3.0.14, 3.1.x before 3.1.6 or 3.2.x before 3.2.6 and is prone to SQL-injection vulnerability. A flaw is present in the application, which fails to properly implement the passing of request data to a where method in an ActiveRecord class. Successful exp ... oval:org.secpod.oval:def:6306 The host is installed with Ruby on Rails before 3.0.14, 3.1.x before 3.1.6 or 3.2.x before 3.2.6 and is prone to SQL-injection vulnerability. A flaw is present in the application, which fails to properly implement the passing of request data to a where method in an ActiveRecord class. Successful exp ... oval:org.secpod.oval:def:104513 Implements the ActiveRecord pattern for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL. oval:org.secpod.oval:def:400481 This update updates the RubyOnRails 2.3 stack to 2.3.16. Security and bugfixes were done, foremost: CVE-2013-0333: A JSON sql/code injection problem was fixed. CVE-2012-5664: A SQL Injection Vulnerability in Active Record was fixed. CVE-2012-2695: A SQL injection via nested hashes in conditions was ... oval:org.secpod.oval:def:400486 This update updates the RubyOnRails 2.3 stack to 2.3.16, also this update updates the RubyOnRails 3.2 stack to 3.2.11. Security and bugfixes were done, foremost: CVE-2013-0333: A JSON sql/code injection problem was fixed. CVE-2012-5664: A SQL Injection Vulnerability in Active Record was fixed. CVE-2 ... oval:org.secpod.oval:def:104499 Implements the ActiveRecord pattern for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL. |