Debian Security Advisory 2597-1

newsbot

newsbot

RSS Feed
Debian Linux Security Advisory 2597-1 - joernchen of Phenoelit discovered that rails, an MVC ruby based framework geared for web application development, is not properly treating user-supplied input to "find_by_*" methods. Depending on how the ruby on rails application is using these methods, this allows an attacker to perform SQL injection attacks, e.g., to bypass authentication if Authlogic is used and the session secret token is known.

Weiterlesen...
 
Anmelden, um zu antworten.

Ähnliche Themen

Red Hat Security Advisory 2013-0154-01
Red Hat Security Advisory 2013-0154-01: Red Hat Security Advisory 2013-0154-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the...

Red Hat Security Advisory 2013-0153-01
Red Hat Security Advisory 2013-0153-01: Red Hat Security Advisory 2013-0153-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the...

Debian Security Advisory 2604-1
Debian Security Advisory 2604-1: Debian Linux Security Advisory 2604-1 - It was discovered that Rails, the Ruby web application development framework, performed insufficient validation on...

Red Hat Security Advisory 2013-0155-01
Red Hat Security Advisory 2013-0155-01: Red Hat Security Advisory 2013-0155-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the...

Secunia Security Advisory 51637
Secunia Security Advisory 51637: Secunia Security Advisory - Debian has issued an update for rails. This fixes a vulnerability, which can be exploited by malicious people to conduct SQL...

Neueste Themen

Zurück
Oben