Download
| Alert*
oval:org.secpod.oval:def:5012
Ruby on Rails is installed on Mac OS X oval:org.secpod.oval:def:1519 The host is installed with Ruby on Rails and is prone to cross-site scripting vulnerability. A flaw is present in the application, which fails to handle mutation of safe buffers. Successful exploitation allows remote attackers to conduct XSS attacks via crafted strings. oval:org.secpod.oval:def:290 Ruby on Rails is installed oval:org.secpod.oval:def:292 The host is installed with Ruby on Rails versions 3.0.x before 3.0.4 and is prone to filter bypass vulnerability. A flaw is present in the application, which fails to handle the filtering operation in the case insensitive file systems. Successful exploitation allow remote attackers to bypass intende ... oval:org.secpod.oval:def:2500 The host is installed with Ruby on Rails 3.0.5 and is prone to security bypass vulnerability. A flaw is present in the application which fails to properly validate the X-Forwarded-For header in requests from IP addresses on a Class C network. Successful exploitation allows remote attackers to bypass ... oval:org.secpod.oval:def:2495 The host is installed with Ruby on Rails 3.0.x before 3.0.10 or 3.1.x before 3.1.0.rc6 and is prone to filter skipping vulnerability. A flaw is present in the application which fails to properly handle glob characters. Successful exploitation allows an attacker to craft a URL and cause Rails to rend ... oval:org.secpod.oval:def:2497 The host is installed with Ruby on Rails before 2.3.13 or 3.0.x before 3.0.10 or 3.1.x before 3.1.0.rc5 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the application which fails to properly handle strip_tags helper. Successful exploitation allows remote attackers to ... oval:org.secpod.oval:def:2496 The host is installed with Ruby on Rails before 2.3.13 or 3.0.x before 3.0.10 or 3.1.x before 3.1.0.rc5 and is prone to multiple SQL injection vulnerabilities. The flaws are present in the application which fail to properly handle a crafted column name. Successful exploitation allows remote attacker ... oval:org.secpod.oval:def:2499 The host is installed with Ruby on Rails 2.3.x before 2.3.13 and is prone to CRLF injection vulnerability. A flaw is present in the application which fails to sufficiently validate the values provided. Successful exploitation allows remote attackers to inject arbitrary HTTP headers into a response. oval:org.secpod.oval:def:2498 The host is installed with Ruby on Rails before 2.3.13 or 3.0.x before 3.0.10 or 3.1.x before 3.1.0.rc5 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the application which fails to properly handle escaping function. Successful exploitation allows remote attackers to ... oval:org.secpod.oval:def:6983 The host is installed with Ruby on rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle vectors involving a ' (quote) character. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:6982 The host is installed with Ruby on rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle a malformed HTML markup. Successful exploitation could allow attackers to inject arbitr ... oval:org.secpod.oval:def:6987 The host is installed with Ruby on rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle the prompt field to the select_tag helper. Successful exploitation could allow atta ... oval:org.secpod.oval:def:6986 The host is installed with Ruby on rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle vectors involving a ' (quote) character. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:6304 The host is installed with Ruby on Rails before 3.0.13, 3.1.x before 3.1.5 or 3.2.x before 3.2.4 and is prone to SQL-injection vulnerability. A flaw is present in the application, which fails to properly consider differences in parameter handling between the Active Record component and the Rack inte ... oval:org.secpod.oval:def:6985 The host is installed with Ruby on rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle a malformed HTML markup. Successful exploitation could allow attackers to inject arbitr ... oval:org.secpod.oval:def:6303 The host is installed with Ruby on Rails before 3.0.14, 3.1.x before 3.1.6 or 3.2.x before 3.2.6 and is prone to unsafe SQL query generation vulnerability. A flaw is present in the application, which fails to properly consider differences in parameter handling between the Active Record component and ... oval:org.secpod.oval:def:6984 The host is installed with Ruby on rails 3.0.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle the prompt field to the select_tag helper. Successful exploitation could allow at ... oval:org.secpod.oval:def:6308 The host is installed with Ruby on Rails before 3.0.13, 3.1.x before 3.1.5 or 3.2.x before 3.2.4 and is prone to SQL-injection vulnerability. A flaw is present in the application, which fails to properly consider differences in parameter handling between the Active Record component and the Rack inte ... oval:org.secpod.oval:def:6307 The host is installed with Ruby on Rails before 3.0.14, 3.1.x before 3.1.6 or 3.2.x before 3.2.6 and is prone to unsafe SQL query generation vulnerability. A flaw is present in the application, which fails to properly consider differences in parameter handling between the Active Record component and ... oval:org.secpod.oval:def:5013 The host is installed with Ruby on Rails 3.0.x before 3.0.12 or 3.1.x before 3.1.4 or 3.2.x before 3.2.2 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to sufficiently sanitize user-supplied input. Successful exploitation allows remote att ... oval:org.secpod.oval:def:5010 The host is installed with Ruby on Rails 3.0.x before 3.0.12 or 3.1.x before 3.1.4 or 3.2.x before 3.2.2 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to sufficiently sanitize user-supplied input. Successful exploitation allows remote att ... oval:org.secpod.oval:def:5014 The host is installed with Ruby on Rails 3.0.x before 3.0.12 or 3.1.x before 3.1.4 or 3.2.x before 3.2.2 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to sufficiently sanitize user-supplied input. Successful exploitation allows remote att ... oval:org.secpod.oval:def:5011 The host is installed with Ruby on Rails 3.0.x before 3.0.12 or 3.1.x before 3.1.4 or 3.2.x before 3.2.2 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to sufficiently sanitize user-supplied input. Successful exploitation allows remote att ... oval:org.secpod.oval:def:6305 The host is installed with Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5 or 3.2.x before 3.2.4 and is prone to SQL-injection vulnerability. A flaw is present in the application, which fails to properly implement the passing of request data to a where method in an ActiveRecord class. Successf ... oval:org.secpod.oval:def:6309 The host is installed with Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5 or 3.2.x before 3.2.4 and is prone to SQL-injection vulnerability. A flaw is present in the application, which fails to properly implement the passing of request data to a where method in an ActiveRecord class. Successf ... oval:org.secpod.oval:def:6302 The host is installed with Ruby on Rails before 3.0.14, 3.1.x before 3.1.6 or 3.2.x before 3.2.6 and is prone to SQL-injection vulnerability. A flaw is present in the application, which fails to properly implement the passing of request data to a where method in an ActiveRecord class. Successful exp ... oval:org.secpod.oval:def:6306 The host is installed with Ruby on Rails before 3.0.14, 3.1.x before 3.1.6 or 3.2.x before 3.2.6 and is prone to SQL-injection vulnerability. A flaw is present in the application, which fails to properly implement the passing of request data to a where method in an ActiveRecord class. Successful exp ... oval:org.secpod.oval:def:291 The host is installed with Ruby on Rails and is prone to filter bypass vulnerability. A flaw is present in the application, which fails to handle filtering operation in case-insensitive file systems. Successful exploitation allows remote attackers to bypass intended access restrictions using an act ... |