what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2013-0256

Status Candidate

Overview

darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.

Related Files

Red Hat Security Advisory 2013-0728-01
Posted Apr 10, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0728-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. It was found that documentation created by RDoc was vulnerable to a cross-site scripting attack. If such documentation was accessible over a network, and a remote attacker could trick a user into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's session. As RDoc is used for creating documentation for Ruby source files, it is not a common scenario to make such documentation accessible over the network.

tags | advisory, remote, web, arbitrary, xss, ruby
systems | linux, redhat
advisories | CVE-2013-0256
SHA-256 | e4aa1360f63ad9831bbfb889675e74bdad2f2deae445fbb8e575b78c0ff578e1
Red Hat Security Advisory 2013-0701-01
Posted Apr 3, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0701-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw in rubygem-json and ruby193-rubygem-json allowed remote attacks by creating different types of malicious objects. For example, it could initiate a denial of service attack through resource consumption by using a JSON document to create arbitrary Ruby symbols, which were never garbage collected. It could also be exploited to create internal objects which could allow a SQL injection attack. It was found that documentation created by rubygem-rdoc and ruby193-rubygem-rdoc was vulnerable to a cross-site scripting attack. If such documentation was accessible over a network, and a remote attacker could trick a user into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's session. As rubygem-rdoc and ruby193-rubygem-rdoc are used for creating documentation for Ruby source files, it is not a common scenario to make such documentation accessible over the network.

tags | advisory, remote, web, denial of service, arbitrary, xss, sql injection, ruby
systems | linux, redhat
advisories | CVE-2013-0256, CVE-2013-0269
SHA-256 | 21efbd85baf775bf343fbbe58aead019bee9fbcbd96c4e3f3a252fe9940c4e97
Red Hat Security Advisory 2013-0686-01
Posted Mar 26, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0686-01 - Red Hat Subscription Asset Manager acts as a proxy for handling subscription information and software updates on client machines. The latest packages for Subscription Asset Manager include a number of security fixes: When a Subscription Asset Manager instance is created, its configuration script automatically creates an RPM of the internal subscription service CA certificate. However, this RPM incorrectly created the CA certificate with file permissions of 0666. This allowed other users on a client system to modify the CA certificate used to trust the remote subscription server. All administrators are advised to update and deploy the subscription service certificate on all systems which use Subscription Asset Manager as their subscription service.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-6116, CVE-2012-6119, CVE-2013-0256, CVE-2013-0263, CVE-2013-0269, CVE-2013-0276, CVE-2013-1823
SHA-256 | 0963c8e1d61d8ac6df642de01a0698f0b64aa8bfa0d30d87859ee165ddb3111b
Red Hat Security Advisory 2013-0548-01
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0548-01 - Red Hat CloudForms is an on-premise hybrid cloud Infrastructure-as-a-Service product that lets you create and manage private and public clouds. It provides self-service computing resources to users in a managed, governed, and secure way. Three flaws were found in rubygem-rack. A remote attacker could use these flaws to perform a denial of service attack against applications using rubygem-rack. It was found that documentation created by rubygem-rdoc was vulnerable to a cross-site scripting attack. If such documentation was accessible over a network, and a remote attacker could trick a user into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's session. As rubygem-rdoc is used for creating documentation for Ruby source files, it is not a common scenario to make such documentation accessible over the network.

tags | advisory, remote, web, denial of service, arbitrary, xss, ruby
systems | linux, redhat
advisories | CVE-2012-6109, CVE-2013-0162, CVE-2013-0183, CVE-2013-0184, CVE-2013-0256
SHA-256 | 7eeecf4bd61add69a8fdb62e0fc678b6962eaa82560b226a399c33ad350a2198
Ubuntu Security Notice USN-1733-1
Posted Feb 21, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1733-1 - Jean-Philippe Aumasson discovered that Ruby incorrectly generated predictable hash values. An attacker could use this issue to generate hash collisions and cause a denial of service. Evgeny Ermakov discovered that documentation generated by rdoc is vulnerable to a cross-site scripting issue. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Various other issues were also addressed.

tags | advisory, remote, denial of service, vulnerability, xss, ruby
systems | linux, ubuntu
advisories | CVE-2012-5371, CVE-2013-0256, CVE-2013-0269, CVE-2012-5371, CVE-2013-0256, CVE-2013-0269
SHA-256 | dddd7e4c2113ee021334b4b14478e4a1ed7d308a57d26ab172def828073de257
Page 1 of 1
Back1Next

File Archive:

November 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    16 Files
  • 2
    Nov 2nd
    17 Files
  • 3
    Nov 3rd
    17 Files
  • 4
    Nov 4th
    11 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    3 Files
  • 8
    Nov 8th
    59 Files
  • 9
    Nov 9th
    12 Files
  • 10
    Nov 10th
    6 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    1 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    9 Files
  • 15
    Nov 15th
    33 Files
  • 16
    Nov 16th
    53 Files
  • 17
    Nov 17th
    11 Files
  • 18
    Nov 18th
    14 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    26 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    10 Files
  • 24
    Nov 24th
    9 Files
  • 25
    Nov 25th
    11 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    20 Files
  • 29
    Nov 29th
    9 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close