Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2011-0448 | 7.5 |
Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.
|
08-08-2019 - 15:41 | 21-02-2011 - 18:00 | |
CVE-2011-0447 | 6.8 |
Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attac
|
08-08-2019 - 15:41 | 14-02-2011 - 21:00 | |
CVE-2011-0449 | 7.5 |
actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to byp
|
08-08-2019 - 15:41 | 21-02-2011 - 18:00 | |
CVE-2011-0446 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or
|
08-08-2019 - 15:41 | 14-02-2011 - 21:00 |