Gentoo Linux Security Advisory 201401-22 - A vulnerability in Active Record could allow a remote attacker to inject SQL commands. Versions less than 2.3.14-r1 are affected.
5ae7b184f2b9a809ef440c33b3aec3891a6294f8e5e3b68863ece85918e7b2a7Red Hat Security Advisory 2013-0544-01 - Red Hat Subscription Asset Manager acts as a proxy for handling subscription information and software updates on client machines. It was discovered that Katello did not properly check user permissions when handling certain requests. An authenticated remote attacker could use this flaw to download consumer certificates or change settings of other users' systems if they knew the target system's UUID. A vulnerability in rubygem-ldap_fluff allowed a remote attacker to bypass authentication and log into Subscription Asset Manager when a Microsoft Active Directory server was used as the back-end authentication server.
40ed8cc02a824cba926dc987492cb7cfa65beb82b844986c7ceface61e3927c2Red Hat Security Advisory 2013-0220-01 - Red Hat OpenShift Enterprise is a cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments.
d7f14ab1a119bc24c7fd61b05a6f487c5d3f17fa00f6f512435c0f936d885cd7Red Hat Security Advisory 2013-0155-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Active Record implements object-relational mapping for accessing database entries using objects. Active Support provides support and utility classes used by the Ruby on Rails framework. Multiple flaws were found in the way Ruby on Rails performed XML parameter parsing in HTTP requests. A remote attacker could use these flaws to execute arbitrary code with the privileges of a Ruby on Rails application, perform SQL injection attacks, or bypass the authentication using a specially-created HTTP request.
d825b1b57e1d6890cb94057f1685605a18e65bd563bbe43c07cec03d024e59d8Red Hat Security Advisory 2013-0154-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Active Record implements object-relational mapping for accessing database entries using objects. Active Support provides support and utility classes used by the Ruby on Rails framework. Multiple flaws were found in the way Ruby on Rails performed XML parameter parsing in HTTP requests. A remote attacker could use these flaws to execute arbitrary code with the privileges of a Ruby on Rails application, perform SQL injection attacks, or bypass the authentication using a specially-created HTTP request.
b89415f26cbe7df0292f8becc9d6c5ea880a07ca0ff91d3ddedb27ea9643cf93
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed