Amazon Linux 2 : ruby (ALAS-2019-1276)

It was found that WEBrick could be forced to use an excessive amount of memory during the processing of HTTP requests, leading to a Denial of Service. An attacker could use this flaw to send huge requests to a WEBrick application, resulting in the server running out of memory. CVE-2018-8777 It wa...

Medium: ruby

Issue Overview: It was found that WEBrick could be forced to use an excessive amount of memory during the processing of HTTP requests, leading to a Denial of Service. An attacker could use this flaw to send huge requests to a WEBrick application, resulting in the server running out of memory...

NewStart CGSL CORE 5.04 / MAIN 5.04 : curl Multiple Vulnerabilities (NS-SA-2019-0039)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has curl packages installed that are affected by multiple vulnerabilities: - curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl...

Improper NULL Byte Parsing

libmspack parses NULL bytes in an insecure manner. The chmdreadheaders function in mspack/chmd.c accepts filenames that has \0 as its first or second character. This could allow attackers to bypass input validations or authorization controls...

ruby: Unintentional directory traversal by poisoned NULL byte in Dir

It was found that the methods from the Dir class did not properly handle strings containing the NULL byte. An attacker, able to inject NULL bytes in a path, could possibly trigger an unspecified behavior of the ruby script...

curl: FTP path trickery leads to NIL byte out of bounds write

It was found that libcurl did not safely parse FTP URLs when using the CURLOPTFTPFILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location, resulting in a crash or an unspecified behavior...

Directory Traversal

Ruby is vulnerable to directory traversal vulnerability. This is because the methods from the Dir class does not properly handle strings containing the NULL byte. An attacker could inject NULL bytes in a path causing a directory traversal condition...

PT-2019-6811 · Chicken +1 · Chicken +1

Name of the Vulnerable Software and Affected Versions: Chicken versions prior to 4.8.0 Description: The issue arises from improper handling of NUL bytes in certain strings, allowing an attacker to conduct a "poisoned NUL byte attack." Recommendations: For versions prior to 4.8.0, update to versio...

DEBIAN-CVE-2019-11834

cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a string literal...

Travel Booking < 2.7.8.4 - Reflected & Stored XSS

Weak security measures like no input & textarea fields data filtering has been discovered in the 'Traveler - Travel Booking WordPress Theme'. Special Notes: 1 - 'Change Avatar' upload field works really strange. F.e., u can upload any .PHP file with extension .php.png and break profile page Serve...

Linux/x86 Read /etc/passwd Shellcode 58 bytes

/ Shellcode Title: Linux/x86 - Read File /etc/passwd 58 bytes. NULL byte free Author: Kiewicz @Kiewicz Homepage: https://0xkiewicz.github.io Tested on: Debian/x86 gcc -o shellcode -z execstack -fno-stack-protector shellcode.c PA-7854 / / $ objdump -d -M intel readfile readfile: file format...

PHP 7.0.x < 7.0.3 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.3. It is, therefore, affected by multiple vulnerabilities : - The Perl-Compatible Regular Expressions PCRE library is affected by multiple vulnerabilities related to the handling of regular...

ruby: Unintentional socket creation by poisoned NULL byte in UNIXServer and UNIXSocket

It was found that the UNIXSocket::open and UNIXServer::open ruby methods did not handle the NULL byte properly. An attacker, able to inject NULL bytes in the socket path, could possibly trigger an unspecified behavior of the ruby script...

ruby: Unintentional directory traversal by poisoned NULL byte in Dir

It was found that the methods from the Dir class did not properly handle strings containing the NULL byte. An attacker, able to inject NULL bytes in a path, could possibly trigger an unspecified behavior of the ruby script...

ruby: Unintentional socket creation by poisoned NULL byte in UNIXServer and UNIXSocket

It was found that the UNIXSocket::open and UNIXServer::open ruby methods did not handle the NULL byte properly. An attacker, able to inject NULL bytes in the socket path, could possibly trigger an unspecified behavior of the ruby script...

ruby: Unintentional directory traversal by poisoned NULL byte in Dir

It was found that the methods from the Dir class did not properly handle strings containing the NULL byte. An attacker, able to inject NULL bytes in a path, could possibly trigger an unspecified behavior of the ruby script...

ruby: Unintentional directory traversal by poisoned NULL byte in Dir

It was found that the methods from the Dir class did not properly handle strings containing the NULL byte. An attacker, able to inject NULL bytes in a path, could possibly trigger an unspecified behavior of the ruby script...

ruby: Unintentional socket creation by poisoned NULL byte in UNIXServer and UNIXSocket

It was found that the UNIXSocket::open and UNIXServer::open ruby methods did not handle the NULL byte properly. An attacker, able to inject NULL bytes in the socket path, could possibly trigger an unspecified behavior of the ruby script...

MGASA-2018-0455 Updated libmspack/cabextract packages fix security vulnerabilities

Hanno Böck discovered that libmspack incorrectly handled certain CHM files. An attacker could possibly use this issue to cause a denial of service CVE-2018-14679, CVE-2018-14680. Jakub Wilk discovered that libmspack incorrectly handled certain KWAJ files. An attacker could possibly use this issue...

curl: FTP path trickery leads to NIL byte out of bounds write

It was found that libcurl did not safely parse FTP URLs when using the CURLOPTFTPFILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location, resulting in a crash or an unspecified behavior...