Debian DSA-1652-1 : ruby1.9 - several vulnerabilities

Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-3655 Keita Yamaguchi discovered that several safe...

Debian DSA-1651-1 : ruby1.8 - several vulnerabilities

Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-3655 Keita Yamaguchi discovered that several safe...

USN-651-1: Ruby vulnerabilities

Akira Tagoh discovered a vulnerability in Ruby which lead to an integer overflow. If a user or automated system were tricked into running a malicious script, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program...

CVE-2008-3657

The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen...

Design/Logic Flaw

The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen...

CVE-2008-3657

CVE-2008-3657 is a confirmed issue in the Ruby DL module where inputs are not tainted, allowing context-dependent attackers to bypass safe levels and call dangerous functions via DL.dlopen. Affected are Ruby 1.8.5 and older, 1.8.6 up to -p286, 1.8.7 up to -p71, and 1.9 up to r18423. Connected adv...

CVE-2008-3657

The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen...

CVE-2008-3657

The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen...

Ruby 1.9 - Safe Level Multiple Function Restriction Bypass

Ruby 1.9 - Safe Level Multiple Function Restriction Bypass source: https://www.securityfocus.com/bid/30644/info Ruby is prone to multiple vulnerabilities that can be leveraged to bypass security restrictions or cause a denial of service: - Multiple security-bypass vulnerabilities occur because of...

Ruby 1.9 dl - Module DL.dlopen Arbitrary Library Access

Ruby 1.9 dl - Module DL.dlopen Arbitrary Library Access source: https://www.securityfocus.com/bid/30644/info Ruby is prone to multiple vulnerabilities that can be leveraged to bypass security restrictions or cause a denial of service: - Multiple security-bypass vulnerabilities occur because of...

Ruby 1.9 dl - Module DL.dlopen Arbitrary Library Access

source: https://www.securityfocus.com/bid/30644/info Ruby is prone to multiple vulnerabilities that can be leveraged to bypass security restrictions or cause a denial of service: - Multiple security-bypass vulnerabilities occur because of errors in the 'safe level' restriction implementation...

ruby -- multiple vulnerabilities in safe level

The official ruby site reports: Several vulnerabilities in safe level have been discovereds:. untracevar is permitted at safe level 4; $PROGRAMNAME may be modified at safe level 4; insecure methods may be called at safe level 1-3; syslog operations are permitted at safe level 4; dl doesn't check...

Ruby missing "taintness" checks in dl module

The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen...

Unfixed XSS vulnerability at www.counter-strike-dl.com

Security researcher SaMTHG, has submitted on 05/10/2008 a cross-site-scripting XSS vulnerability affecting www.counter-strike-dl.com, which at the time of submission ranked 79848 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/10/2008. It is...

Quinsonnas Mail Checker 1.55 - footer.php Remote File Inclusion

Quinsonnas Mail Checker 1.55 - footer.php Remote File Inclusion Quinsonnas Mail Checker 1.55 footer.php Remote File Inclusion Vulnerabilities http://switch.dl.sourceforge.net/sourceforge/quinsonnas/quinsonnas-1.55.tar.bz2 POC : /quinsonnas-1.55/footer.php?opfooterbody=http://localhost/020.txt? I'...

openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-4810)

This update fixes multiple bugs in php : - use system pcre library to fix several pcre vulnerabilities CVE-2007-1659, CVE-2006-7230, CVE-2007-1660, CVE-2006-7227 CVE-2005-4872, CVE-2006-7228 - Flaws in processing multi byte sequences in htmlentities/htmlspecialchars CVE-2007-5898 - overly long...

FreeBSD : php -- multiple security vulnerabilities (392b5b1d-9471-11dc-9db7-001c2514716c)

PHP project reports : Security Enhancements and Fixes in PHP 5.2.5 : - Fixed dl to only accept filenames. Reported by Laurent Gaffie. - Fixed dl to limit argument size to MAXPATHLEN CVE-2007-4887. Reported by Laurent Gaffie. - Fixed htmlentities/htmlspecialchars not to accept partial multibyte...

php -- multiple security vulnerabilities

PHP project reports: Security Enhancements and Fixes in PHP 5.2.5: Fixed dl to only accept filenames. Reported by Laurent Gaffie. Fixed dl to limit argument size to MAXPATHLEN CVE-2007-4887. Reported by Laurent Gaffie. Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences...

CVE-2007-4887

The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service application crash via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability...

CVE-2007-4887

Technical details for CVE-2007-4887 are not publicly available in the provided documents. Monitor for updates.