Code backdoor in simple_captcha2
The simple_captcha2 gem 0.2.3 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party...
Code injection
The datagrid gem 1.0.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party...
CVE-2019-14282
The simple_captcha2 gem 0.2.3 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party...
paranoid2 gem Code backdoor
The paranoid2 gem 1.1.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.1.5...
CVE-2019-13589
The paranoid2 gem 1.1.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.1.5...
CVE-2019-13354
The strong_password gem 0.0.7 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 0.0.6...
strong_password Ruby gem malicious version causing Remote Code Execution vulnerability
The strong_password gem on RubyGems.org was hijacked by a malicious actor. The malicious actor published v0.0.7 containing malicious code that enables an attacker to execute remote code in production. Upgrade strong_password to v0.0.8 to ensure no malicious code execution is possible...
CVE-2019-10842
Arbitrary code execution via backdoor code was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the __cfduid cookie value with base64 arbitrary code to be executed via eval, which can be leveraged to execute arbitrary code on the target...
RubyGems: 65534 times efficient, Brute-force attack for api_key
I have found that type checking for api_key is insufficient in rubygems.org's source code. https://github.com/rubygems/rubygems.org/blob/master/app/controllers/application_controller.rb#L63 (ruby) `def authenticate_with_api_key; api_key = request.headers["Authorization"] || params[:api_key]; @api_user = ...`
RubyGems kelredd-pruview multiple remote command injection vulnerabilities
BUGTRAQ ID: 59023 CVE(CAN) ID: CVE-2013-1947 RubyGems kelredd-pruview is a program that generates thumbnails for many kinds of files. kelredd-pruview 0.3.0 does not filter shell metacharacters in user input; if a filename contains special characters, arbitrary commands can be executed with the privileges of the local user. 0 rubygems kelredd-pruview 0.3.0 Vendor patch: rubygems -------- The vendor has not yet released a patch or upgrade; we recommend that users of this software watch the vendor's homepage for the latest version:...