6 matches found
Deserialization of Untrusted Data
Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data such that by launching the drbremotecodeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the...
drb-it.be Cross Site Scripting vulnerability OBB-1296407
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Ruby: DRb denial of service vulnerability
It is possible to crash the DRb server by providing malformed input. Following the DRb example at https://ruby-doc.org/stdlib-2.7.0/libdoc/drb/rdoc/DRb.html#module-DRb-label-Server+code, the simple server and client code attached (drbserver.rb, drbclient.rb) was created. The client code was modified to...
Distributed Ruby (dRuby/DRb) Multiple RCE Vulnerabilities
Systems using Distributed Ruby (dRuby/DRb), which is available in Ruby versions 1.6 and later, may permit unauthorized systems to execute distributed commands. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the...
ruby security update
1.8.7.352-13 - Workaround build issues against OpenSSL with enabled ECC curves. - Make DRb compatible with OpenSSL 1.0.1. ruby-1.9.3-p222-generate-1024-bits-RSA-key-instead-of-512-bits.patch - Fix CVE-2013-4164 Heap Overflow in Floating Point Parsing...
CVE-2007-5218
Cross-site scripting (XSS) vulnerability in index.php in Don Barnes DRBGuestbook 1.1.13 allows remote attackers to inject arbitrary web script or HTML via the action parameter...