Computer Security


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 18.02.2013
Source:
SecurityVulns ID: 12899
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: RAILS : rails 2.3
 IRIS : iris 1.3
 JQUERY : jquery 1.6
 JFORUM : jforum 2.1
CVE: CVE-2013-0277 (ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML.)
 CVE-2013-0276 (ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request.)
 CVE-2012-6446
 CVE-2012-6445
 CVE-2011-4969 (Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.)
Original documents:
 UBUNTU, [USN-1722-1] jQuery vulnerability (18.02.2013)
 DEBIAN, [SECURITY] [DSA 2620-1] rails security update (18.02.2013)
 aeon.s.flux_(at)_gmail.com, I Read It Somewhere (IRIS) citations management tool <= v1.3 (post auth) Remote Command Execution (18.02.2013)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod