Ruby Files

Apple Security Advisory 2014-15-20-1
Posted May 22, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-15-20-1 - OS X Server 3.1.2 is now available and addresses a security issue with Ruby.

tags | advisory, ruby
systems | apple, osx
advisories | CVE-2013-1347
MD5 | 8909af39b889df1793c2ab09690fec15
Gentoo Linux Security Advisory 201405-14
Posted May 19, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201405-14 - A vulnerability in Ruby OpenID may lead to Denial of Service. Versions less than 2.2.2 are affected.

tags | advisory, denial of service, ruby
systems | linux, gentoo
advisories | CVE-2013-1812
MD5 | e9f6ef54947099a2d6ecb484f5cab7ae
Debian Security Advisory 2929-1
Posted May 19, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2929-1 - Several vulnerabilities were discovered in Action Pack, a component of Ruby on Rails.

tags | advisory, vulnerability, ruby
systems | linux, debian
advisories | CVE-2014-0081, CVE-2014-0082, CVE-2014-0130
MD5 | 9584425479a93ae0d4ed281154e3456e
Red Hat Security Advisory 2014-0510-01
Posted May 15, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0510-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. A directory traversal flaw was found in the way Ruby on Rails handled wildcard segments in routes with implicit rendering. A remote attacker could use this flaw to retrieve arbitrary local files accessible to a Ruby on Rails application using the aforementioned routes via a specially crafted request. All ruby193-rubygem-actionpack users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

tags | advisory, remote, web, arbitrary, local, ruby
systems | linux, redhat
advisories | CVE-2014-0130
MD5 | 0831da7f3dbd24e0ea36700670f4f840
Red Hat Security Advisory 2014-0469-01
Posted May 12, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0469-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. A flaw was found in the way Ruby on Rails' actionpack rubygem performed JSON parameter parsing. An application using a third party library, which uses the Rack::Request interface, or custom Rack middleware could bypass the protection implemented to fix the CVE-2013-0155 vulnerability, causing the application to receive unsafe parameters and become vulnerable to CVE-2013-0155.

tags | advisory, ruby
systems | linux, redhat
advisories | CVE-2013-6417, CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066, CVE-2014-0078, CVE-2014-0137, CVE-2014-2669
MD5 | cdc4d0cfe60c1de3ac3fa143db9a99e5
JRuby Sandbox 0.2.2 Bypass
Posted Apr 24, 2014
Authored by joernchen

jruby-sandbox aims to allow safe execution of user-given Ruby code within a JRuby [0] runtime. However, via import of Java classes it is possible to circumvent those protections and execute arbitrary code outside the sandboxed environment. Versions 0.2.2 and below are affected.

tags | exploit, java, arbitrary, ruby
MD5 | 2fafc9b85853f0e228f2016f5174b125
Apple Security Advisory 2014-04-22-1
Posted Apr 23, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-04-22-1 - Security Update 2014-002 is now available and addresses vulnerabilities in CFNetwork HTTPProtocol, CoreServicesUIAgent, FontParser, Heimdal Kerberos, ImageIO, Intel Graphics Driver, IOKit Kernel, the kernel, power management, Ruby, and more.

tags | advisory, kernel, vulnerability, ruby
systems | apple
advisories | CVE-2013-4164, CVE-2013-5170, CVE-2013-6393, CVE-2014-1295, CVE-2014-1296, CVE-2014-1314, CVE-2014-1315, CVE-2014-1316, CVE-2014-1318, CVE-2014-1319, CVE-2014-1320, CVE-2014-1321, CVE-2014-1322
MD5 | 85aec207c76bbc366a8922e7e5c5a72c
Ruby Gem sfpagent 0.4.14 Command Injection
Posted Apr 18, 2014
Authored by Larry W. Cashdollar

Ruby Gem sfpagent version 0.4.14 suffers from a remote command injection vulnerability.

tags | exploit, remote, ruby
advisories | CVE-2014-2888
MD5 | 1bdaec7a3adf644febe27a2670179c69
Debian Security Advisory 2888-1
Posted Mar 28, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2888-1 - Toby Hsieh, Peter McLarnan, Ankit Gupta, Sudhir Rao and Kevin Reintjes discovered multiple cross-site scripting and denial of service vulnerabilities in Ruby Actionpack.

tags | advisory, denial of service, vulnerability, xss, ruby
systems | linux, debian
advisories | CVE-2013-4389, CVE-2013-4491, CVE-2013-6414, CVE-2013-6415, CVE-2013-6417
MD5 | 50af68b6056896c76834c7995af29ced
Debian Security Advisory 2887-1
Posted Mar 28, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2887-1 - Aaron Neyer discovered that missing input sanitizing in the logging component of Ruby Actionmailer could result in denial of service through a malformed e-mail message.

tags | advisory, denial of service, ruby
systems | linux, debian
advisories | CVE-2013-4389
MD5 | 449b4050f0ef00095fe99ff6b7f4dfce
Red Hat Security Advisory 2014-0306-01
Posted Mar 17, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0306-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. It was found that several number conversion helpers in Action View did not properly escape all their parameters. An attacker could use these flaws to perform a cross-site scripting attack on an application that uses data submitted by a user as parameters to the affected helpers. A memory consumption issue was discovered in the text rendering component of Action View. A remote attacker could use this flaw to perform a denial of service attack by sending specially crafted queries that would result in the creation of Ruby symbols that were never garbage collected.

tags | advisory, remote, web, denial of service, xss, ruby
systems | linux, redhat
advisories | CVE-2014-0081, CVE-2014-0082
MD5 | 2165282286e43fb494ca0b87573ab2ed
Ruby Gem Arabic Prawn 0.0.1 Command Injection
Posted Mar 12, 2014
Authored by Larry W. Cashdollar

Arabic Prawn Ruby gem version 0.0.1 suffers from a remote command injection vulnerability.

tags | exploit, remote, ruby
advisories | CVE-2014-2322
MD5 | b3975bf33d1b33dfd278e6017e8adc51
Red Hat Security Advisory 2014-0215-01
Posted Mar 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0215-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation enterprises need to address the challenges of managing virtual environments, which are far more complex than physical ones. This technology enables enterprises with existing virtual infrastructures to improve visibility and control, and those just starting virtualization deployments to build and operate a well-managed virtual infrastructure. A buffer overflow flaw was found in the way Ruby parsed floating point numbers from their text representation. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application.

tags | advisory, overflow, arbitrary, ruby
systems | linux, redhat
advisories | CVE-2013-4164, CVE-2014-0057, CVE-2014-0081, CVE-2014-0082
MD5 | e1a7d0c7e42e3692cd8b570e480fe9c5
Red Hat Security Advisory 2014-0207-01
Posted Feb 25, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0207-01 - RubyGems is the Ruby standard for publishing and managing third-party libraries. It was discovered that the rubygems API validated version strings using an unsafe regular expression. An application making use of this API to process a version string from an untrusted source could be vulnerable to a denial of service attack through CPU exhaustion.

tags | advisory, denial of service, ruby
systems | linux, redhat
advisories | CVE-2013-4287
MD5 | 8e171ce1005907d516b3b2081dbcd6ea
Red Hat Security Advisory 2014-0025-01
Posted Jan 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0025-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation enterprises need to address the challenges of managing virtual environments, which are far more complex than physical ones. This technology enables enterprises with existing virtual infrastructures to improve visibility and control, and those just starting virtualization deployments to build and operate a well-managed virtual infrastructure. It was found that sending a GET request for a destructive action could bypass the Ruby on Rails protect_from_forgery mechanism. A remote attacker could use this flaw to perform Cross-Site Request Forgery attacks against CloudForms applications.

tags | advisory, remote, ruby, csrf
systems | linux, redhat
advisories | CVE-2013-6443
MD5 | 015d78fbd4ba2533669624f16b3d3f46
Red Hat Security Advisory 2014-0011-01
Posted Jan 8, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0011-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. A buffer overflow flaw was found in the way Ruby parsed floating point numbers from their text representation. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application.

tags | advisory, overflow, arbitrary, ruby
systems | linux, redhat
advisories | CVE-2013-4164
MD5 | 8b58b32ce7dcc253bf460f6aba37fe0f
Red Hat Security Advisory 2014-0008-01
Posted Jan 6, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0008-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. A flaw was found in the way Ruby on Rails performed JSON parameter parsing. An application using a third party library, which uses the Rack::Request interface, or custom Rack middleware could bypass the protection implemented to fix the CVE-2013-0155 vulnerability, causing the application to receive unsafe parameters and become vulnerable to CVE-2013-0155.

tags | advisory, web, ruby
systems | linux, redhat
advisories | CVE-2013-4491, CVE-2013-6414, CVE-2013-6415, CVE-2013-6417
MD5 | 5ae558b60f8f872d3c4e01d807d8de86
Debian Security Advisory 2830-1
Posted Dec 31, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2830-1 - Peter McLarnan discovered that the internationalization component of Ruby on Rails does not properly encode parameters in generated HTML code, resulting in a cross-site scripting vulnerability. This update corrects the underlying vulnerability in the i18n gem, as provided by the ruby-i18n package.

tags | advisory, xss, ruby
systems | linux, debian
advisories | CVE-2013-4492
MD5 | 6760ec0359de3d5742f5db2eed25394f
Slackware Security Advisory - ruby Updates
Posted Dec 18, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New ruby packages are available for Slackware 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.

tags | advisory, ruby
systems | linux, slackware
advisories | CVE-2013-4164
MD5 | 8e1d38702aee4f45812f63a43cb51195
Bio Basespace SDK 0.1.7 API Key Exposure
Posted Dec 15, 2013
Authored by Larry W. Cashdollar

The Bio Basespace SDK 0.1.7 Ruby Gem API client code passes the API_KEY to a curl command. This exposes the API key to the shell and process table. Another user on the system could snag the API key by just monitoring the process table.

tags | advisory, shell, info disclosure, ruby
MD5 | b1ca33732f5897d0d54df787a6147a70
Ruby Gem Webbynode 1.0.5.3 Command Injection
Posted Dec 13, 2013
Authored by Larry W. Cashdollar

Ruby Gem Webbynode version 1.0.5.3 suffers from a remote command injection vulnerability.

tags | exploit, remote, ruby
MD5 | 09c9ebdbba7bb53ce08e8be7fa70bd7c
Red Hat Security Advisory 2013-1794-01
Posted Dec 6, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1794-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. A flaw was found in the way Ruby on Rails performed JSON parameter parsing. An application using a third party library, which uses the Rack::Request interface, or custom Rack middleware could bypass the protection implemented to fix the CVE-2013-0155 vulnerability, causing the application to receive unsafe parameters and become vulnerable to CVE-2013-0155.

tags | advisory, web, ruby
systems | linux, redhat
advisories | CVE-2013-4491, CVE-2013-6414, CVE-2013-6415, CVE-2013-6417
MD5 | 64416d97c3bb0323fdf7b8979b7e68c1
Debian Security Advisory 2810-1
Posted Dec 5, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2810-1 - Charlie Somerville discovered that Ruby incorrectly handled floating point number conversion. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application.

tags | advisory, arbitrary, ruby
systems | linux, debian
advisories | CVE-2013-4164
MD5 | 6498173d65a1c9ecdc5c9d0293cc1146
Debian Security Advisory 2809-1
Posted Dec 5, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2809-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language.

tags | advisory, vulnerability, ruby
systems | linux, debian
advisories | CVE-2013-1821, CVE-2013-4073, CVE-2013-4164
MD5 | e799f488cbc7b8db8045f474277c1fdd
Ruby Gem Sprout 0.7.246 Command Injection
Posted Dec 2, 2013
Authored by Larry W. Cashdollar

Ruby Gem Sprout version 0.7.246 suffers from a command injection vulnerability.

tags | exploit, ruby
MD5 | 92524400733df8cb7c0960cb92bec69f
© 2018 Packet Storm. All rights reserved.
