CVE-2007-5380

Related Files

Gentoo Linux Security Advisory 200912-2

Posted Dec 21, 2009

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 200912-2 - Multiple vulnerabilities have been discovered in Rails, the worst of which leading to the execution of arbitrary SQL statements. Versions less than 2.2.2 are affected.

tags | advisory, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2007-5380, CVE-2007-6077, CVE-2008-4094, CVE-2008-7248, CVE-2009-2422, CVE-2009-3009, CVE-2009-3086, CVE-2009-4214

SHA-256 | 16d8e364cfb92aed20ead8b90f7ddfb138996017dcb068bdfb6e381ed4b6eee8

Download | Favorite | View

Gentoo Linux Security Advisory 200711-17

Posted Nov 15, 2007

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200711-17 - candlerb found that ActiveResource, when processing responses using the Hash.from_xml() function, does not properly sanitize filenames. The session management functionality allowed the session_id to be set in the URL. BCC discovered that the to_json() function does not properly sanitize input before returning it to the user. Versions less than 1.2.5 are affected.

tags | advisory

systems | linux, gentoo

advisories | CVE-2007-3227, CVE-2007-5379, CVE-2007-5380

SHA-256 | 56267a11d2e0430390325feac70669ed4b084a3bbfe8e068dc20a304ea8ef191

Download | Favorite | View