Unity Linux 20.1060e / 20.1070e Security Update: ruby (UTSA-2026-017532)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017532 advisory. An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into...

Trusting FTP PASV responses vulnerability in Net::FTP

A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed e.g., the attacker can conduct port scans and service banner...

CVE-2017-17405

Ruby before 2.4.3 allows Net::FTP command injection. Net::FTPget, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernelopen to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default...

UBUNTU-CVE-2017-17405

Ruby before 2.4.3 allows Net::FTP command injection. Net::FTPget, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernelopen to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default...

ImageShack Toolbar 4.5.7 FileUploader Class InsecureMethod PoC

No description provided by source. !-- ImageShack Toolbar 4.5.7 FileUploader Class ImageShackToolbar.dll insecure method poc This tool may allow a malicious web page to post arbitrary images on the web from a user hard drive. Images will be visible on ImageShack site, a way for an attacker to...