Ruby on Rails has SQL injection vulnerability
From http://www.theregister.co.uk/2013/01...njection_vuln/
Quote:
The maintainers of Ruby on Rails are warning of an SQL injection vulnerability which affects all versions of the popular Web framework.
They advise that users should immediately apply an upgrade available here.
Designated CVE-2012-5664, the maintainers explain the bug this way: “Due to the way dynamic finders in Active Record extract options from method parameters, a method parameter can mistakenly be used as a scope. Carefully crafted requests can use the scope to inject arbitrary SQL.”
|
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
|