Creditee: joernchen

Known Contact Information:

  • (as of 2010-12-24)

Known Affiliations:

Disclosed Vulnerabilities (14):

Disc. Date  OSVDB ID  CVE ID                Title
2013-02-11  90072     2013-0276             Ruby on Rails Active Record attr_protected Method Bypass
2013-02-06  90206     2013-3221             Ruby on Rails Applications Common Patterns Input Handling Database Typecasting Conflict Incorrect Record Matching Weakness
2013-01-28  89642     2013-0233             Devise Database Type Conversion Crafted Request Parsing Security Bypass
2012-12-21  88661     2012-5664, 2012-6496  Ruby on Rails find_by_* Methods Authlogic SQL Injection Bypass
2012-12-21  89064     2012-6497             Ruby on Rails Authlogic Gem secret_token.rb Known secret_token Value Weakness
2012-01-31  78659     2012-0809             sudo src/sudo.c sudo_debug() Function Format String Local Privilege Escalation
2012-01-20  78480                           Gitorious Request Parsing Shell Command Injection
2011-10-05  76011                           Spree Search ProductScope Class search[send][] Parameter Arbitrary Command Execution
2011-04-19  71900                           Spree api/orders.json Search Function Arbitrary Command Execution
2011-02-22  71553     2011-1140             Wireshark Multiple Function SMB Packet Handling DoS
2011-02-22  71552     2011-1140             Wireshark Multiple Function CLDAP Packet Handling DoS
2010-12-24  70092     2011-4927             Redmine Unspecified Information Disclosure
2010-12-24  70091     2011-4928             Redmine Textile Formatter Unspecified XSS
2010-12-24  70090     2011-4929             Redmine Bazaar Repository Adapter rev Parameter Arbitrary Command Injection

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

© Copyright 2002 - 2013 Open Source Vulnerability Database (OSVDB), All Rights Reserved.