what you don't know can hurt you
Showing 1 - 5 of 5 RSS Feed

CVE-2012-6496

Status Candidate

Overview

SQL injection vulnerability in the Active Record component in Ruby on Rails before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in applications that can use unexpected data types in certain find_by_ method calls.

Related Files

Gentoo Linux Security Advisory 201401-22
Posted Jan 22, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-22 - A vulnerability in Active Record could allow a remote attacker to inject SQL commands. Versions less than 2.3.14-r1 are affected.

tags | advisory, remote
systems | linux, gentoo
advisories | CVE-2012-6496
MD5 | 4ee065bfc24440df8bd85fb9a6c3cbe3
Red Hat Security Advisory 2013-0544-01
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0544-01 - Red Hat Subscription Asset Manager acts as a proxy for handling subscription information and software updates on client machines. It was discovered that Katello did not properly check user permissions when handling certain requests. An authenticated remote attacker could use this flaw to download consumer certificates or change settings of other users' systems if they knew the target system's UUID. A vulnerability in rubygem-ldap_fluff allowed a remote attacker to bypass authentication and log into Subscription Asset Manager when a Microsoft Active Directory server was used as the back-end authentication server.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-5561, CVE-2012-5603, CVE-2012-5604, CVE-2012-6109, CVE-2012-6496, CVE-2013-0162, CVE-2013-0183, CVE-2013-0184
MD5 | 88ace63fe0f85b6fd97c4f12f5a71b2e
Red Hat Security Advisory 2013-0220-01
Posted Feb 1, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0220-01 - Red Hat OpenShift Enterprise is a cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-5658, CVE-2012-6072, CVE-2012-6073, CVE-2012-6074, CVE-2012-6496, CVE-2013-0158, CVE-2013-0164
MD5 | f239b3b1f07bd79606a9dc7bd5662ad2
Red Hat Security Advisory 2013-0155-01
Posted Jan 11, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0155-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Active Record implements object-relational mapping for accessing database entries using objects. Active Support provides support and utility classes used by the Ruby on Rails framework. Multiple flaws were found in the way Ruby on Rails performed XML parameter parsing in HTTP requests. A remote attacker could use these flaws to execute arbitrary code with the privileges of a Ruby on Rails application, perform SQL injection attacks, or bypass the authentication using a specially-created HTTP request.

tags | advisory, remote, web, arbitrary, sql injection, ruby
systems | linux, redhat
advisories | CVE-2012-6496, CVE-2013-0155, CVE-2013-0156
MD5 | 08647977e61a9558891adc8b5ab5742f
Red Hat Security Advisory 2013-0154-01
Posted Jan 11, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0154-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Active Record implements object-relational mapping for accessing database entries using objects. Active Support provides support and utility classes used by the Ruby on Rails framework. Multiple flaws were found in the way Ruby on Rails performed XML parameter parsing in HTTP requests. A remote attacker could use these flaws to execute arbitrary code with the privileges of a Ruby on Rails application, perform SQL injection attacks, or bypass the authentication using a specially-created HTTP request.

tags | advisory, remote, web, arbitrary, sql injection, ruby
systems | linux, redhat
advisories | CVE-2012-2660, CVE-2012-2661, CVE-2012-2694, CVE-2012-2695, CVE-2012-3424, CVE-2012-3463, CVE-2012-3464, CVE-2012-3465, CVE-2012-6496, CVE-2013-0155, CVE-2013-0156
MD5 | dbcc15f86e5c4395b8f5732abfc1a9c7
Page 1 of 1
Back1Next

File Archive:

April 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    17 Files
  • 2
    Apr 2nd
    2 Files
  • 3
    Apr 3rd
    2 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    15 Files
  • 7
    Apr 7th
    20 Files
  • 8
    Apr 8th
    16 Files
  • 9
    Apr 9th
    5 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    4 Files
  • 13
    Apr 13th
    15 Files
  • 14
    Apr 14th
    27 Files
  • 15
    Apr 15th
    19 Files
  • 16
    Apr 16th
    7 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close