701 matches found
DEBIAN-CVE-2013-1802
The extlib gem 0.9.15 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption by leveraging Action Pack support for 1 YAML typ...
CVE-2013-1800
The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption by leveraging Action Pack support for 1 YAML type...
Ruby Gem ldoce 0.0.2 Command Execution Vulnerability
Ruby Gem ldoce version 0.0.2 suffers from a command execution vulnerability. Remote command execution in Ruby Gem ldoce 0.0.2 Larry W. Cashdollar @larry0 3/25/2013 Ldoce Ruby Gem: Easily interface with the Longman Dictionary of Contemporary English API from Ruby: NB currently mac only as it depen...
Ruby Gem ldoce 0.0.2 Command Execution
Remote command execution in Ruby Gem ldoce 0.0.2 Larry W. Cashdollar @larry0 3/25/2013 Ldoce Ruby Gem: Easily interface with the Longman Dictionary of Contemporary English API from Ruby: NB currently mac only as it depends on the afplay command. https://github.com/markburns/ldoce Ldoce passes an...
Ruby Thumbshooter Gem 0.1.5 Remote Command Execution
Ruby gem Thumbshooter 0.1.5 remote command execution 3/25/2013 Generates thumbshots of URLs by using Webkit and QT4. https://github.com/digineo/thumbshooter Specially crafted URLs can result in remote code execution if the URL contains shell metacharacters. We see that the url is passed directly ...
Design/Logic Flaw
commandwrap.rb in the commandwrap Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL or filename...
Ruby Gem Fastreader 1.0.8 Code Execution
Ruby gem fastreader-1.0.8 remote code exec 3/6/2013 if the url contains any ; characters code will be executed as the user. for example if fastreader is fed http://www.g;id;.com id will be executed. ./fastreader-1.0.8/lib/entrycontroller.rb .strip only removes whitespace before and after the URL...
Ruby Gem Curl Command Execution
Curl Ruby Gem Remote command execution 3/12/2013 https://github.com/tg0/curl Specially crafted URLs can result in remote code execution: In ./lib/curl.rb the following lines: 131 cmd = "curl cookiesstore browsertype @setupparams ref "url" " 132 if @debug 133 puts cmd.red 134 end 135 result =...
Ruby Gem Fastreader 1.0.8 Command Execution
Ruby gem fastreader-1.0.8 remote code exec 3/6/2013 https://rubygems.org/gems/fastreader if the url contains any ; characters code will be executed as the user when a web browser is launched. for example if fastreader is fed http://www.g;id;.com id will be executed...
Ruby Gem Minimagic Command Execution Vulnerability
Ruby Gem MiniMagic suffers from a remote command execution vulnerability due to a lack of user input sanitization. MiniMagic ruby gem remote code execution 3/12/2013 https://github.com/hcatlin/minimagick A ruby wrapper for ImageMagick or GraphicsMagick command line. Tested on both Ruby 1.9.2 and...
Ruby Gem Fastreader 1.0.8 Command Execution Vulnerability
Ruby Gem Fastreader version 1.0.8 suffers from a remote command execution vulnerability due to a lack of user input sanitization. Ruby gem fastreader-1.0.8 remote code exec 3/6/2013 https://rubygems.org/gems/fastreader if the url contains any ; characters code will be executed as the user when a...
Ruby Gem Minimagic Command Execution
MiniMagic ruby gem remote code execution 3/12/2013 https://github.com/hcatlin/minimagick A ruby wrapper for ImageMagick or GraphicsMagick command line. Tested on both Ruby 1.9.2 and Ruby 1.8.7. If a URL is from an untrusted source, commands can be injected into it for remote code execution with...
Ruby Gem Curl Command Execution Vulnerability
Ruby Gem Curl suffers from a remote command execution vulnerability due to a lack of user input sanitization. Curl Ruby Gem Remote command execution 3/12/2013 https://github.com/tg0/curl Specially crafted URLs can result in remote code execution: In ./lib/curl.rb the following lines: 131 cmd =...
Ruby Gem ftpd-0.2.1 Remote Command Execution
Remote command execution for Ruby Gem ftpd-0.2.1 2/28/2013 https://github.com/wconrad/ftpd http://rubygems.org/gems/ftpd "ftpd is a pure Ruby FTP server library. It supports implicit and explicit TLS, passive and active mode, and most of the commands specified in RFC 969. It an be used as part of...
Fileutils Ruby Gem Remote Command Execution
Possible remote command execution and insecure file handling in /tmp. 2/23/2013 http://rubygems.org/gems/fileutils "A set of utility classes to extract meta data from different file types". Handles files insecurely in /tmp, a directory is created for that file extension say 'zip' and files are...
Fedora 18 : rubygem-actionpack-3.2.8-2.fc18 / rubygem-activerecord-3.2.8-3.fc18 / etc (2013-0568)
Fix for CVE-2013-0155 and CVE-2013-0156. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...
Ruby Gem nori Parameter Parsing Remote Code Execution
The Ruby Gem nori has a parameter parsing error that may allow an attacker to execute arbitrary code. This vulnerability has to do with type casting during parsing, and is related to CVE-2013-0156...
CVE-2011-0995
The sqlite3-ruby gem in the rubygem-sqlite3 package before 1.2.4-0.5.1 in SUSE Linux Enterprise SLE 11 SP1 uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors...
CVE-2011-0995
The sqlite3-ruby gem in the rubygem-sqlite3 package before 1.2.4-0.5.1 in SUSE Linux Enterprise SLE 11 SP1 uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors...
CVE-2011-0995
The sqlite3-ruby gem in the rubygem-sqlite3 package before 1.2.4-0.5.1 in SUSE Linux Enterprise SLE 11 SP1 uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors...