Displaying 20 results from an estimated 1000 matches similar to: "ActiveRecord::Base.sanitize_sql and SQL injection vulnerability."
2005 Aug 28
1
Arcoread7 secutiry vulnerability
Hi!
cc'd to freebsd-security@ as somebody there may correct me,
cc'd to secteam@ as maintaner of security/portaudit.
On Sun, 28 Aug 2005 10:14:21 +0930 Ian Moore wrote:
> I've just updated my acroread port to 7.0.1 & was surprised when portaudit
> still listed it as a vulnerability.
I think it is portaudit problem.
> According to
2011 May 21
1
OpenVAS Vulnerability
Hi,
Please advice me about the below reported vulnerability.
High
OpenSSH X Connections Session Hijacking Vulnerability
Risk: High
Application: ssh
Port: 22
Protocol: tcp
ScriptID: 100584
Overview:
OpenSSH is prone to a vulnerability that allows attackers to hijack
forwarded X connections.
Successfully exploiting this issue may allow an attacker run arbitrary
shell commands with the privileges
2002 Oct 01
0
Changing a directory to a symlink; rsync balks.
Good day, all,
I'm using rsync 2.5.4 and a statically linked version of 2.5.5 to
back up my main system to a backup drive (See rsync-backup at
http://www.stearns.org/rsync-backup/ ).
First, I made a full backup of the system.
Then, on the main system, I merged the articles in techdocs
to another directory called articles, removed the techdocs directory and
made it a symlink to the
2008 Jan 16
3
is there something like addslashes and stripslashes in prototype
if i would save the content of a textarea into mysql i eventually have to
mask things like ,"/\ and so on.
in php there are the add- and stripslashes functions you could use.
is there somthing compareable like this in the string object of prototype?
if not, it would very nice to have, i think.
function addslashes(str) {
str=str.replace(/\''/g,''\\\'''');
2015 Feb 27
0
OT: AF 4k sector drives with 512 emulation
On Fri, Feb 27, 2015 at 1:53 PM, Robert Arkiletian <robark at gmail.com> wrote:
> Still have good quality older sata hardware raid cards that require 512
> bytes/sector. As far as I know HD manufacturers are not making native 512
> bytes/sector drives any more.
512n drives still exist, although they tend to be a bit smaller, 2TB or less.
2008 Feb 26
2
bash - safely pass untrusted strings?
In bash, given a string assignment as follows, how do I "add slashes"
automagically, so that it can be safely passed to another program? Notice
that the assignment contains spaces, single-quotes and double-quotes, maybe
god-only-knows-what-else. It's untrusted data.
Yet I need to pass it all *safely*.
The appropriate function in PHP is addslashes(); but what is the bash
2006 Jun 30
0
find_by_sql not quoting properly (in acts_as_taggable plugin)
I have run into a very strange problem discovered through the use of
the acts_as_taggable plugin, but related to quoting/sanitizing the
interpolated list in a find_by_sql. Apologies for the length, but I
wanted to be complete. ;-)
The method from acts_as_taggable.rb is:
def find_tagged_with(list)
find_by_sql(["SELECT #{table_name}.* FROM #{table_name},
tags,
2015 Feb 28
1
OT: AF 4k sector drives with 512 emulation
On Fri, Feb 27, 2015 at 2:59 PM, Chris Murphy <lists at colorremedies.com>
wrote:
> On Fri, Feb 27, 2015 at 1:53 PM, Robert Arkiletian <robark at gmail.com>
> wrote:
> > Still have good quality older sata hardware raid cards that require 512
> > bytes/sector. As far as I know HD manufacturers are not making native 512
> > bytes/sector drives any more.
>
>
2006 Apr 04
5
How to implement tag clouds using plugin?
The code on
http://blog.craz8.com/articles/2005/10/28/acts_as_taggable-is-a-cool-piece-of-code
is based on the acts_as_taggable gem,anybody has done that using the
acts_as_taggable plugin?thanks!
btw:the code above uses the tag_count method,which is defined in the
gem:
def tags_count(options = {})
options = {:order => ''count DESC''}.merge(options)
2005 Dec 16
1
acts_as_taggable sql injection vulnerability
Hey everyone!
If you''re using acts_as_taggable <= 1.04, (erm, any version, I
think..) please fix your local copy right now! There are numerous sql
sanitization holes in this library.
I notified Obie of this over a month ago, so hopefully he''s fixed it.
How to tell lif you''re vulnerable
======================
Make a tag with a single quote in it. See if raises an
2007 Oct 16
0
AST-2007-023 - SQL Injection Vulnerability in cdr_addon_mysql
Asterisk Project Security Advisory - AST-2007-023
+------------------------------------------------------------------------+
| Product | Asterisk-Addons |
|--------------------+---------------------------------------------------|
| Summary | SQL Injection Vulnerability in cdr_addon_mysql |
2007 Oct 16
0
AST-2007-023 - SQL Injection Vulnerability in cdr_addon_mysql
Asterisk Project Security Advisory - AST-2007-023
+------------------------------------------------------------------------+
| Product | Asterisk-Addons |
|--------------------+---------------------------------------------------|
| Summary | SQL Injection Vulnerability in cdr_addon_mysql |
2007 May 14
0
[SAMBA-SECURITY] CVE-2007-2447: Remote Command Injection Vulnerability
Spam detection software, running on the system "mail.montanhydraulik.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
postmaster for details.
Content preview: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
2007 May 14
0
[SAMBA-SECURITY] CVE-2007-2447: Remote Command Injection Vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
==========================================================
==
== Subject: Remote Command Injection Vulnerability
== CVE ID#: CVE-2007-2447
==
== Versions: Samba 3.0.0 - 3.0.25rc3 (inclusive)
==
== Summary: Unescaped user input parameters are passed
== as arguments to /bin/sh allowing for remote
== command execution
2015 Jan 28
0
AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability
Asterisk Project Security Advisory - AST-2015-002
Product Asterisk
Summary Mitigation for libcURL HTTP request injection
vulnerability
Nature of Advisory HTTP request injection
Susceptibility Remote
2015 Jan 28
0
AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability
Asterisk Project Security Advisory - AST-2015-002
Product Asterisk
Summary Mitigation for libcURL HTTP request injection
vulnerability
Nature of Advisory HTTP request injection
Susceptibility Remote
2010 Feb 02
0
[Security] Loofah has an HTML injection / XSS vulnerability, please upgrade to 0.4.6
Synopsis
----------
Loofah::HTML::Document#text emits unencoded HTML entities prior to
0.4.6. This was originally by design, since the output of #text is
intended to be used in a non-HTML context (such as generation of
human-readable text documents).
However, Loofah::XssFoliate''s default behavior and
Loofah::Helpers#strip_tags
both use #text to strip tags out of the output, meaning that
2006 Dec 04
10
Avoiding SQL Injection in :order?
This thread references:
http://www.ruby-forum.com/topic/90258#new
http://www.ruby-forum.com/topic/82349#143790
ActiveRecord''s find() method has built in ways to avoid SQL injection by
using the format
> :conditions => [ "user_name = ?", user_name]
Is there any such system for escaping injection in :order? It seems to
only take a string and feed it to the SQL
2006 Mar 21
2
SQL bug in acts_as_taggable
Hi,
excuse me if this is off-topic and feel free to ingore it in case.
I''m using acts_as_taggable (the gem version) and found what to me
looks like a bug in this code from the method tags_count:
sql = "SELECT #{t}.#{t_pk} AS id, #{t}.name AS name, COUNT
(*) AS count
FROM #{jt}, #{o}, #{t} WHERE #{jt}.#{t_fk} = #{t}.#{t_pk}
AND #{jt}.#{o_fk} =
2008 Oct 15
1
Domain Logon Credential Caching
Folks,
This posting is made so that others who search for infromation on how to
configure Samba for username and password caching will find it.
Samba does not control client-side password caching.
Caching of domain logon credentials is a client-side activity. There are
registry settings on the Windows 2000 Professional and Windows XP Profesional
clients that control logon credential caching.