exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 617 RSS Feed

Ruby Files

Debian Security Advisory 5635-1
Posted Mar 5, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5635-1 - Aviv Keller discovered that the frames.html file generated by YARD, a documentation generation tool for the Ruby programming language, was vulnerable to cross-site scripting.

tags | advisory, xss, ruby
systems | linux, debian
advisories | CVE-2024-27285
SHA-256 | dcdab1d7f7cf4e649af57210018d82164536fd3183f20fc49dc2b55a1e94d866
Debian Security Advisory 5616-1
Posted Feb 6, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5616-1 - It was discovered that ruby-sanitize, a whitelist-based HTML sanitizer, insufficiently sanitized style elements, which may result in cross-site scripting.

tags | advisory, xss, ruby
systems | linux, debian
advisories | CVE-2023-36823
SHA-256 | cb1891138c71065ba8a31de094547c27038e14dbb35d632d940934fd3474f59c
Gentoo Linux Security Advisory 202401-27
Posted Jan 24, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202401-27 - Multiple vulnerabilities have been discovered in Ruby, the worst of which could lead to execution of arbitrary code. Multiple versions are affected.

tags | advisory, arbitrary, vulnerability, ruby
systems | linux, gentoo
advisories | CVE-2020-25613, CVE-2021-31810, CVE-2021-32066, CVE-2021-33621, CVE-2021-41816, CVE-2021-41817, CVE-2021-41819, CVE-2022-28738, CVE-2022-28739, CVE-2023-28755, CVE-2023-28756
SHA-256 | 94bd32b96511589b4ae3eae1e1b96022fbaeeb99eb332b00a775c863282498ba
Red Hat Security Advisory 2023-7025-01
Posted Nov 15, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7025-01 - An update for the ruby:2.5 module is now available for Red Hat Enterprise Linux 8. Issues addressed include HTTP response splitting and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability, ruby
systems | linux, redhat
advisories | CVE-2021-33621
SHA-256 | f659be7cbae940aa07964e47a15d975938bacceabfbc0234d166401b3f385f65
Debian Security Advisory 5530-1
Posted Oct 23, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5530-1 - Several vulnerabilities were discovered in ruby-rack, a modular Ruby webserver interface, which may result in denial of service and shell escape sequence injection.

tags | advisory, denial of service, shell, vulnerability, ruby
systems | linux, debian
advisories | CVE-2022-30122, CVE-2022-30123, CVE-2022-44570, CVE-2022-44571, CVE-2022-44572, CVE-2023-27530, CVE-2023-27539
SHA-256 | 1d720695b79a166118349cbe5f4050069000900a5d5b9d9439ed4da692cb559f
Ubuntu Security Notice USN-6219-1
Posted Jul 17, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6219-1 - It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.10 and Ubuntu 20.04 LTS. It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. This issue exists because of an incomplete fix for CVE-2023-28755.

tags | advisory, denial of service, ruby
systems | linux, ubuntu
advisories | CVE-2023-28755, CVE-2023-36617
SHA-256 | 00959ed34366bcee4d18cd76de6ced7a9e2b44c45aaa6377bd02caaa7877b79e
Red Hat Security Advisory 2023-3821-01
Posted Jun 28, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3821-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP response splitting and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability, ruby
systems | linux, redhat
advisories | CVE-2021-33621, CVE-2023-28755, CVE-2023-28756
SHA-256 | 915adbe516e63371c901e0dbf9c061957d731f589acb09f314d7244a05d2317a
Ubuntu Security Notice USN-6181-1
Posted Jun 21, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6181-1 - Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications the generate HTTP responses using cgi gem. An attacker could possibly use this issue to maliciously modify the response a user would receive from a vulnerable application. This issue only affected Ubuntu 22.10. It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, web, denial of service, cgi, ruby
systems | linux, ubuntu
advisories | CVE-2021-33621
SHA-256 | f634308d9f8170226b080952b6f1730c28beb18e02e1b9af7f1902121a0a253c
AIEngine 2.4.0
Posted Jun 1, 2023
Authored by Luis Campo Giralte | Site bitbucket.org

AIEngine is a next generation interactive/programmable Python/Ruby/Java/Lua and Go network intrusion detection system engine. AIEngine also helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.

Changes: Support natively of nefilter on the PacketDispatcher on linux systems. Allow more flexible API query parameters on the api. Allow to see in real time over the Rest API the L7 payloads of selected flows. Improvements on the TCP QoS metrics.Flow drop packets and bytes now available. Fix an issue with RST and ICMP unreach with network devices. Support for IP on GRE tunnels.
tags | tool, java, python, ruby
systems | unix
SHA-256 | 9592ddac406040974faa1b34a459f123d010fd293a18114a8468d871b7825c7b
Red Hat Security Advisory 2023-3291-01
Posted May 25, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3291-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP response splitting and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability, ruby
systems | linux, redhat
advisories | CVE-2021-33621, CVE-2023-28755, CVE-2023-28756
SHA-256 | 20dec59adcb39ef2916d6cca7cd13c8ca58d1f5b2b3c7506b88fe76014af5ad2
Ubuntu Security Notice USN-6087-1
Posted May 18, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6087-1 - It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM.

tags | advisory, denial of service, ruby
systems | linux, ubuntu
advisories | CVE-2023-28755, CVE-2023-28756
SHA-256 | cc361b6847f2850db6412282b2a465949ce6e489bc3be40573658c7db61eda9b
Ubuntu Security Notice USN-6055-2
Posted May 8, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6055-2 - USN-6055-1 fixed a vulnerability in Ruby. Unfortunately it introduced a regression. This update reverts the patches applied to CVE-2023-28755 in order to fix the regression pending further investigation. It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service, ruby
systems | linux, ubuntu
advisories | CVE-2023-28755
SHA-256 | ada5c9e435b07122b3ea37aaeeff4ec44d8a5abb8e17dfa44d63ad098d9107d3
Ubuntu Security Notice USN-6055-1
Posted May 4, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6055-1 - It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. This issue is being addressed only for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

tags | advisory, denial of service, ruby
systems | linux, ubuntu
advisories | CVE-2023-28755, CVE-2023-28756
SHA-256 | 57cc9e7412e527b063da950b49c9036f3f360426a199720cba2c4ff74ccb4925
Debian Security Advisory 5389-1
Posted Apr 17, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5389-1 - Two vulnerabilities were discovered in rails, the Ruby based server-side MVC web application framework, which could lead to XSS and DOM based cross-site scripting (CRS). This update also fixes a regression introduced in previous update that may block certain access for apps using development environment.

tags | advisory, web, vulnerability, xss, ruby
systems | linux, debian
advisories | CVE-2023-23913, CVE-2023-28120
SHA-256 | 74d22f237334eaa35ef53eabd71db5ab39812d288737dc9a32864fea7cc87905
Red Hat Security Advisory 2023-1486-01
Posted Mar 28, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1486-01 - Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, code execution, and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability, code execution, python, ruby
systems | linux, redhat
advisories | CVE-2022-24790, CVE-2022-30122, CVE-2022-30123, CVE-2022-31129, CVE-2022-31163
SHA-256 | 34681b3994f7696e63749c33f2b4943d1f3991726eb9aa72976cb927c1014ab6
Ubuntu Security Notice USN-5806-3
Posted Mar 21, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5806-3 - USN-5806-1 fixed vulnerabilities in Ruby. This update fixes the problem for Ubuntu 20.04 LTS. Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications which generate HTTP responses using cgi gem. An attacker could possibly use this issue to maliciously modify the response a user would receive from a vulnerable application.

tags | advisory, web, cgi, vulnerability, ruby
systems | linux, ubuntu
advisories | CVE-2021-33621
SHA-256 | 2946affe6446c720209e8c8a6781b9e746e6210d18a5a939af4608b1e97f3dfd
Debian Security Advisory 5372-1
Posted Mar 13, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5372-1 - Multiple vulnerabilities were discovered in rails, the Ruby based server-side MVC web application framework, which could result in XSS, data disclosure and open redirect.

tags | advisory, web, ruby
systems | linux, debian
advisories | CVE-2021-22942, CVE-2021-44528, CVE-2022-21831, CVE-2022-22577, CVE-2022-23633, CVE-2022-27777, CVE-2023-22792, CVE-2023-22794, CVE-2023-22795, CVE-2023-22796
SHA-256 | 44ed6f4160efe547c9a47f4f62db177c265c289c98a029bb8114b3fa4bca4f1f
Debian Security Advisory 5360-1
Posted Feb 24, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5360-1 - Xi Lu discovered that missing input sanitising in Emacs (in etags, the Ruby mode and htmlfontify) could result in the execution of arbitrary shell commands.

tags | advisory, arbitrary, shell, ruby
systems | linux, debian
advisories | CVE-2022-48337, CVE-2022-48338, CVE-2022-48339
SHA-256 | 82d11ef9e76f7318d8a66038c6614675b087dfdc2b8d50aad0fe55d3dd74b5c7
AIEngine 2.3.0
Posted Feb 20, 2023
Authored by Luis Campo Giralte | Site bitbucket.org

AIEngine is a next generation interactive/programmable Python/Ruby/Java/Lua and Go network intrusion detection system engine. AIEngine also helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.

Changes: Fixed minor issue with DomainNames with * on HTTP and SSL. Now shows the time of the data that is stored internally on FlowManagers and Protocols that has been flushed. Now controls the number of elements that can be shown on the protocols over the API (limit parameter). Now sends IPCs message queue on python callback flows. Improvements made on the DNS protocol with more dns fields.
tags | tool, java, python, ruby
systems | unix
SHA-256 | 65c5483016570ea2fd986c9fd302001786b8924e7bfe294e0bbbd46f415bf974
Hikvision Remote Code Execution / XSS / SQL Injection
Posted Jan 31, 2023
Authored by Thurein Soe

Some Hikvision Hybrid SAN products were vulnerable to multiple remote code execution (command injection) vulnerabilities, including reflected cross site scripting, Ruby code injection, classic and blind SQL injection resulting in remote code execution that allows an adversary to execute arbitrary operating system commands and more. However, an adversary must be on the same network to leverage this vulnerability to execute arbitrary commands.

tags | advisory, remote, arbitrary, vulnerability, code execution, xss, sql injection, ruby
advisories | CVE-2022-28171, CVE-2022-28172
SHA-256 | 9ef9e4e937841d3becdae9ba498b3199c7ac7dfcaea39831e8e5a468cd2d8f10
Ubuntu Security Notice USN-5806-2
Posted Jan 24, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5806-2 - USN-5806-1 fixed vulnerabilities in Ruby. This update fixes the problem for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.10. Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications which generate HTTP responses using cgi gem. An attacker could possibly use this issue to maliciously modify the response a user would receive from a vulnerable application.

tags | advisory, web, cgi, vulnerability, ruby
systems | linux, ubuntu
advisories | CVE-2021-33621
SHA-256 | 5e9eaa591a250702e16d36f855a65138db55f846075d60d7208d9a3e346086a8
Ubuntu Security Notice USN-5806-1
Posted Jan 18, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5806-1 - Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications which generate HTTP responses using cgi gem. An attacker could possibly use this issue to maliciously modify the response a user would receive from a vulnerable application.

tags | advisory, web, cgi, ruby
systems | linux, ubuntu
advisories | CVE-2021-33621
SHA-256 | 75ea48c38a96b7594dbd0877d422b431f6c885a45730d787e0fa46952d38d26c
Debian Security Advisory 5310-1
Posted Jan 2, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5310-1 - It was discovered that ruby-image-processing, a ruby package that provides higher-level image processing helpers, is prone to a remote shell execution vulnerability when using the #apply method to apply a series of operations coming from unsanitized user input.

tags | advisory, remote, shell, ruby
systems | linux, debian
advisories | CVE-2022-24720
SHA-256 | 9114837e45c7440099d3923f2a43991909f94c975f31c25f4230d59e7dc5f0fa
Vagrant Synced Folder Vagrantfile Breakout
Posted Oct 27, 2022
Authored by Brendan Coles, HashiCorp | Site metasploit.com

This Metasploit module exploits a default Vagrant synced folder (shared folder) to append a Ruby payload to the Vagrant project Vagrantfile config file. By default, unless a Vagrant project explicitly disables shared folders, Vagrant mounts the project directory on the host as a writable vagrant directory on the guest virtual machine. This directory includes the project Vagrantfile configuration file. Ruby code within the Vagrantfile is loaded and executed when a user runs any vagrant command from the project directory on the host, leading to execution of Ruby code on the host.

tags | exploit, ruby
SHA-256 | 4aa68ef0141c22e4e2be0cd50c642945c2afd7a94ea98ee68a6375e6bd398e81
Red Hat Security Advisory 2022-6855-01
Posted Oct 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6855-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include buffer overflow, denial of service, double free, and spoofing vulnerabilities.

tags | advisory, denial of service, overflow, spoof, vulnerability, ruby
systems | linux, redhat
advisories | CVE-2021-41816, CVE-2021-41817, CVE-2021-41819, CVE-2022-28738, CVE-2022-28739
SHA-256 | 23b2e4fec136d2b841752155cc897796ca8d6de598e56c894f584c758f0ea16e
Page 1 of 25
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close