RubyGems karteek-docsplit 'text_extractor.rb' Remote Command Execution Vulnerability
BUGTRAQ ID: 58931 CVE(CAN) ID: CVE-2013-1933 karteek-docsplit is a command-line tool and Ruby library for splitting documents. karteek-docsplit 0.5.4 and other versions do not filter shell metacharacters in input. An attacker can craft a file whose filename contains shell characters and lure a user into extracting it, which leads to arbitrary command execution in the context of the affected application. Problem code: ---------------------------------------------------------------------------...
RubyGems 'thumbshooter' Remote Command Execution Vulnerability
BUGTRAQ ID: 58706 RubyGems thumbshooter creates thumbshots of websites using webkit and qt4. thumbshooter has a command execution vulnerability because it does not sufficiently check user input; an attacker who successfully exploits it can execute arbitrary commands in the affected application. 0 rubygems thumbshooter Vendor patch: rubygems -------- The vendor has not yet released a patch or upgrade; we recommend that users of this software monitor the vendor's homepage for the latest version: http://rubygems.org/gems/thumbshooter 1012 command "xvfb-run -a...
RubyGems fastreader 'entry_controller.rb' Remote Command Execution Vulnerability
BUGTRAQ ID: 58450 RubyGems fastreader is a terminal-based feed reader. The implementation of fastreader in entry_controller.rb has a remote command execution vulnerability; an attacker can exploit it to execute arbitrary code in the context of the affected application. 0 rubygems fastreader Vendor patch: rubygems -------- The vendor has not yet released a patch or upgrade; we recommend that users of this software monitor the vendor's homepage for the latest version: http://rubygems.org/gems/minimagick...
RubyGems fastreader - entry_controller.rb Remote Command Execution
RubyGems fastreader - entry_controller.rb Remote Command Execution source: https://www.securityfocus.com/bid/58450/info fastreader is prone to a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to...
RubyGems fastreader - 'entry_controller.rb' Remote Command Execution
source: https://www.securityfocus.com/bid/58450/info fastreader is prone to a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary commands in the context of the affected...
Flash Tool 0.6.0 Remote Code Execution
Flash Tool 0.6.0 Remote code execution vulnerability 3/1/2013 http://rubygems.org/gems/flashtool https://github.com/milboj/flashtool If files downloaded contain shell characters it's possible to execute code as the client user. ie: flashfile;id/tmp/o;.swf ./flashtool-0.6.0/lib/flashtool.rb Lines:...
RubyGems 'ruby_parser' Insecure Temporary File Creation Vulnerability (CVE-2013-0162)
Bugtraq ID: 58110 CVE ID: CVE-2013-0162 RubyGems (gems for short) is a Ruby packaging system used to package Rails components. The ruby_parser ruby gem does not create temporary files securely: the /tmp/a.pid and /tmp/b.pid temporary files created by the diffpp function in /usr/share/gems/gems/rubyparser-2.0.4/lib/gauntletrubyparser.rb have predictable names, so a symbolic link attack can overwrite system files or alter their contents, causing a denial of service or possibly privilege escalation. 0 RubyGems Vendor solution...
[USN-1582-1] RubyGems vulnerabilities
========================================================================== Ubuntu Security Notice USN-1582-1 September 26, 2012 rubygems vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives...
RubyGems https vulnerabilities
Insufficient certificate validation, redirection to insecure protocols...
Ubuntu Update for rubygems USN-1582-1
Ubuntu Update for Linux kernel vulnerabilities USN-1582-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN15821.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for rubygems USN-1582-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net Thi...
Ubuntu: Security Advisory (USN-1582-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-1582-1: RubyGems vulnerabilities
John Firebaugh discovered that the RubyGems remote gem fetcher did not properly verify SSL certificates. A remote attacker could exploit this to perform a man in the middle attack to alter gem files being downloaded for installation. CVE-2012-2126 John Firebaugh discovered that the RubyGems remot...
Ubuntu 12.04 LTS : rubygems vulnerabilities (USN-1582-1)
John Firebaugh discovered that the RubyGems remote gem fetcher did not properly verify SSL certificates. A remote attacker could exploit this to perform a man in the middle attack to alter gem files being downloaded for installation. CVE-2012-2126 John Firebaugh discovered that the RubyGems remot...
CVE-2012-2125 CVE-2012-2126 rubygems: Two security fixes in v1.8.23
RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack...
Fedora Update for rubygems FEDORA-2012-6132
Check for the Version of rubygems OpenVAS Vulnerability Test Fedora Update for rubygems FEDORA-2012-6132 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Fedora Update for rubygems FEDORA-2012-6132
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Medium: rubygems
Issue Overview: RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack. Affected Packages: rubygems Issue Correction: Run yum update rubygems or yum update --advisory...
Fedora Update for rubygems FEDORA-2012-6414
Check for the Version of rubygems OpenVAS Vulnerability Test Fedora Update for rubygems FEDORA-2012-6414 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Fedora Update for rubygems FEDORA-2012-6414
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora Update for rubygems FEDORA-2012-6409
Check for the Version of rubygems OpenVAS Vulnerability Test Fedora Update for rubygems FEDORA-2012-6409 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...