
2169 matches found

Veracode
added 2017/01/18 3:49 a.m., 6 views

Man-in-the-Middle (MitM)

introspection is vulnerable to man-in-the-middle (MitM) attacks. The vulnerability exists due to the usage of source :rubygems. This causes an insecure connection to be made to rubygems when downloading external packages. A malicious user can potentially compromise the source to conduct MitM attacks...

6.5 AI score
Exploits: 0

Veracode
added 2017/01/18 2:14 a.m., 10 views

Man-in-the-Middle (MitM)

delayedjobactiverecord is vulnerable to man-in-the-middle attacks. The vulnerability exists due to the usage of source :rubygems. This causes insecure connections to rubygems to be made. A malicious user can potentially compromise the source to conduct MitM attacks...

6.5 AI score
Exploits: 0

Veracode
added 2017/01/17 8:35 a.m., 10 views

Man-in-the-Middle (MitM)

settingslogic is vulnerable to man-in-the-middle (MitM) attacks. The rubygems source is deprecated because HTTP requests are insecure. A malicious user can potentially compromise the source to conduct MitM attacks...

6.7 AI score
Exploits: 0

Veracode
added 2017/01/17 8:26 a.m., 7 views

Man-in-the-Middle (MitM)

puppet is vulnerable to man-in-the-middle (MitM) attacks. The rubygems source is deprecated because HTTP requests are insecure. A malicious user can potentially compromise the source to conduct MitM attacks...

6.6 AI score
Exploits: 0

Veracode
added 2017/01/11 7:7 a.m., 9 views

Man-In-The-Middle (MitM)

thriftclient is vulnerable to man-in-the-middle attacks. The rubygems source is deprecated because HTTP requests are insecure. A malicious user can potentially compromise the source to conduct man-in-the-middle attacks...

6.5 AI score
Exploits: 0

Veracode
added 2017/01/11 3:0 a.m., 7 views

Man In The Middle (MitM)

appraisal is vulnerable to man-in-the-middle (MitM) attacks. The rubygems source is deprecated because HTTP requests are insecure. A malicious user can potentially compromise the source to conduct man-in-the-middle attacks...

6.5 AI score
Exploits: 0

Veracode
added 2017/01/10 5:4 a.m., 12 views

Man In The Middle (MitM)

bourne is vulnerable to man-in-the-middle (MitM) attacks. The rubygems source is deprecated because HTTP requests are insecure. A malicious user can potentially compromise the source to conduct man-in-the-middle attacks...

6.6 AI score
Exploits: 0

Veracode
added 2017/01/10 1:51 a.m., 7 views

Man In The Middle (MitM)

fpm is vulnerable to man-in-the-middle (MitM) attacks. The rubygems source is deprecated, meaning a malicious user can potentially compromise the source to conduct man-in-the-middle attacks...

6.5 AI score
Exploits: 0

Veracode
added 2016/12/22 6:37 a.m., 7 views

Man-in-the-Middle (MitM)

nio4r is vulnerable to man-in-the-middle (MitM) attacks. The rubygems source is deprecated, meaning a malicious user can potentially compromise the source to conduct a man-in-the-middle attack...

6.5 AI score
Exploits: 0

Veracode
added 2016/12/21 7:43 a.m., 6 views

Man-in-the-Middle (MitM)

maildir is vulnerable to man-in-the-middle (MitM) attacks. The rubygems source uses insecure HTTP, meaning a malicious user can potentially compromise the source to conduct a man-in-the-middle attack...

6.5 AI score
Exploits: 0

Veracode
added 2016/12/20 8:11 a.m., 8 views

Man In The Middle (MitM)

google-api-client is vulnerable to man-in-the-middle (MitM) attacks. The rubygems source is deprecated, meaning a malicious user can potentially compromise the source to conduct man-in-the-middle attacks...

6.5 AI score
Exploits: 0

Kitploit
added 2016/10/28 2:12 p.m., 13 views

BinProxy - BinProxy is a proxy for arbitrary TCP connections

BinProxy is a proxy for arbitrary TCP connections. You can define custom message formats using the BinData gem. Installation Prerequisites Ruby 2.3 or later A C compiler, Ruby headers, etc., are needed to compile several dependencies. On Ubuntu, sudo apt install build-essential ruby-dev should do...

7.2 AI score
Exploits: 0, References: 2

Hacker One
added 2016/10/27 3:0 p.m., 23 views

RubyGems: Possible Subdomain Takeover at http://production.s3.rubygems.org/ pointing to Fastly

A DNS record was found that was pointing to Fastly, but there was no Fastly service configured for this domain. We removed the record because it was not needed any longer. A subdomain takeover was not possible because although there was no service configured, we do have control of any subdomain o...

0.3 AI score
Exploits: 0

Hacker One
added 2016/09/30 11:42 p.m., 25 views

RubyGems: Login credentials transmitted in cleartext on index.rubygems.org

If someone links their target to http://index.rubygems.org, then if they click "sign in" their credentials are transmitted in plaintext, as there is no https redirect or enforcing of https on the login form. Step 1: Link to http://index.rubuygems.org Step 2: sniff traffic open wifi / proxy / etc See t...

Exploits: 0

Hacker One
added 2016/09/30 9:38 p.m., 16 views

RubyGems: Password Reset emails missing TLS leads account takeover

Hi, I saw that the email is sent in clear text instead of over TLS (Transport Layer Security). Any man-in-the-middle attacker is able to read these sensitive emails and get the password reset link, which leads to account takeover. Email details: from: [email protected] to: [email protected] date: Fri, Sep 3...

0.1 AI score
Exploits: 0

Hacker One
added 2016/09/20 12:26 p.m., 14 views

RubyGems: RCE,SQL,Vulnerability + Exploit Method.

http://m.rubygems.org is this site under the scope for this bounty?...

6.9 AI score
Exploits: 0

Hacker One
added 2016/09/19 6:45 a.m., 10 views

RubyGems: Host Header Injection/Redirection

rubygems.org is vulnerable to host header injection because the host header can be changed to something outside the target domain. Attack vectors are somewhat limited but depend on how the host header is used by the back-end application code. If code references the hostname used in the URL such ...

7.5 AI score
Exploits: 0

Hacker One
added 2016/09/18 11:56 p.m., 18 views

RubyGems: Invalid username updating

Hello Rubygems, This is my first report on Hackerone, so please tell me if you need further information. This vulnerability/glitch uses the 'Edit Profile' page. How to do it: 1. Login to any account on Rubygems 2. Go to your profile 3. Go to 'Edit Profile' 4. In Handle, put the invalid username 5...

0.4 AI score
Exploits: 0

n0where
added 2016/09/14 3:29 a.m., 15 views

Arbitrary TCP Connection Proxy: BinProxy

Arbitrary TCP Connection Proxy BinProxy is a proxy for arbitrary TCP connections. You can define custom message formats using the BinData gem. BinProxy is a tool for understanding and manipulating binary network traffic. BinProxy gives you a TCP proxy and an interface to write protocol-specific...

0.2 AI score
Exploits: 0, References: 3

OSV
added 2016/04/25 2:28 p.m., 12 views

SUSE-SU-2016:1146-1 Security update for portus

Portus was updated to version 2.0.3, which brings several fixes and enhancements: - Fixed crono job when a repository could not be found. - Fixed compatibility issues with Docker 1.10 and Distribution 2.3. - Handle multiple scopes in token requests. - Add optional fields to token response. - Fixe...

7.5 CVSS, 6.2 AI score, 0.90494 EPSS
Exploits: 19, References: 21