Download
| Alert*
oval:org.secpod.oval:def:104606
Utility library which carries commonly used classes and goodies from the Rails framework oval:org.secpod.oval:def:400481 This update updates the RubyOnRails 2.3 stack to 2.3.16. Security and bugfixes were done, foremost: CVE-2013-0333: A JSON sql/code injection problem was fixed. CVE-2012-5664: A SQL Injection Vulnerability in Active Record was fixed. CVE-2012-2695: A SQL injection via nested hashes in conditions was ... oval:org.secpod.oval:def:400486 This update updates the RubyOnRails 2.3 stack to 2.3.16, also this update updates the RubyOnRails 3.2 stack to 3.2.11. Security and bugfixes were done, foremost: CVE-2013-0333: A JSON sql/code injection problem was fixed. CVE-2012-5664: A SQL Injection Vulnerability in Active Record was fixed. CVE-2 ... oval:org.secpod.oval:def:104777 Utility library which carries commonly used classes and goodies from the Rails framework oval:org.secpod.oval:def:13788 The host is missing a security update according to Apple advisory, APPLE-SA-2013-03-14-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary ... oval:org.secpod.oval:def:104632 Utility library which carries commonly used classes and goodies from the Rails framework oval:org.secpod.oval:def:13779 The host is installed with Apple Mac OS X Server 10.7 through 10.7.5, Apple Mac OS X Server 10.6.8 or Apple Mac OS X 10.6.8 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle crafted JSON data. Successful exploitation could ... oval:org.secpod.oval:def:14174 The host is missing an important security update according to Apple advisory, APPLE-SA-2013-06-04-1. The update is required to fix multiple vulnerabilities. The flaw are present in the application, which fails to handle a crafted application. Successful exploitation could allow attackers to crash th ... oval:org.secpod.oval:def:600955 Lawrence Pit discovered that Ruby on Rails, a web development framenwork, is vulnerable to a flaw in the parsing of JSON to YAML. Using a specially crafted payload attackers can trick the backend into decoding a subset of YAML. The vulnerability has been addressed by removing the YAML backend and ad ... |