Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2013-0155

EPSS 18.17% · P95
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2013-0155

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660 and CVE-2012-2694.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Ruby on Rails 不安全查询生成漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Ruby on Rails(Rails)是Rails核心团队开发维护的一套基于Ruby语言的开源Web应用框架,它是由大卫-海纳梅尔-韩森从美国37signals公司的项目管理工具Basecamp里分离出来的。 Ruby on Rails 3.0.19之前的3.0.x版本,3.1.10之前的3.1.x版本,3.2.11之前的3.2.x版本中存在漏洞,该漏洞源于程序没有正确的考量在Active Record组件与JSON实现之间所处理的参数的差异。通过特制的请求(如‘[nil]’值),远程攻击者利用该漏洞绕
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2013-0155

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2013-0155

登录查看更多情报信息。

Same Patch Batch · n/a · 2013-01-13 · 29 CVEs total

CVE-2013-0757Mozilla Firefox/Thunderbird/SeaMonkey COW绕过权限提升漏洞
CVE-2013-0771Mozilla Firefox/Thunderbird/SeaMonkey 基于堆的缓冲区错误漏洞
CVE-2013-0770Mozilla Firefox/Thunderbird/SeaMonkey 内存破坏漏洞
CVE-2013-0769Mozilla Firefox/Thunderbird/SeaMonkey 内存破坏漏洞
CVE-2013-0768Mozilla Firefox/Thunderbird/SeaMonkey Canvas缓冲区错误漏洞
CVE-2013-0767Mozilla Firefox/Thunderbird/SeaMonkey 越界读取漏洞
CVE-2013-0766Mozilla Firefox/Thunderbird/SeaMonkey 释放后使用漏洞
CVE-2013-0764Mozilla Firefox/Thunderbird/SeaMonkey 任意代码执行漏洞
CVE-2013-0763Mozilla Firefox/Thunderbird/SeaMonkey Mesa释放后使用漏洞
CVE-2013-0762Mozilla Firefox/Thunderbird/SeaMonkey 释放后使用漏洞
CVE-2013-0761Mozilla Firefox/Thunderbird/SeaMonkey 释放后使用漏洞
CVE-2013-0760Mozilla Firefox/Thunderbird/SeaMonkey 缓冲区错误漏洞
CVE-2013-0759Mozilla Firefox/SeaMonkey/Thunderbird 地址栏欺骗漏洞
CVE-2013-0758Mozilla Firefox/Thunderbird/SeaMonkey 权限提升漏洞
CVE-2013-0156Ruby on Rails 输入验证错误漏洞
CVE-2013-0756Mozilla Firefox/Thunderbird/SeaMonkey ‘obj_toSource’函数释放后使用漏洞
CVE-2013-0755Mozilla Firefox/Thunderbird/SeaMonkey Vibrate释放后使用漏洞
CVE-2013-0754Mozilla Firefox/Thunderbird/SeaMonkey 释放后使用漏洞
CVE-2013-0753Mozilla Firefox/Thunderbird/SeaMonkey ‘serializeToStream’释放后使用漏洞
CVE-2013-0752Mozilla Firefox/Thunderbird/SeaMonkey XBL处理内存破坏漏洞

Showing top 20 of 29 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2013-0155

No comments yet

Leave a comment