
17 matches found

Tenable Nessus
added 2023/09/07 12:0 a.m. · 31 views

Oracle Linux 5 : Moderate: / ruby (ELSA-2007-0965)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2007-0965 advisory. 1.8.5-5.el51.1 - security fix for CVE-2007-5162 and CVE-2007-5770 - ruby-1.8.5-CVE-2007-5162.patch: fix issues that is insufficient verification of SSL...

CVSS: 5 · AI score: 7.4 · EPSS: 0.07714
Exploits: 2 · References: 3
Github Security Blog
added 2017/10/24 6:33 p.m. · 43 views

WEBrick Improper Input Validation vulnerability

WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrar...

CVSS: 7.5 · AI score: 7.4 · EPSS: 0.18181
Exploits: 2 · References: 12 · Affected Software: 1
Kitploit
added 2013/12/20 5:37 p.m. · 26 views

[SSLSmart] Smart SSL Cipher Enumeration

SSLSmart is a highly flexible and interactive tool aimed at improving efficiency and reducing false positives during SSL testing. A number of tools allow users to test for supported SSL cipher suites, but most only provide testers with a fixed set of cipher suites. Further testing is performed b...

AI score: 7.2
Exploits: 0
Tenable Nessus
added 2013/09/04 12:0 a.m. · 28 views

Amazon Linux AMI : ruby (ALAS-2013-173)

It was discovered that Ruby's REXML library did not properly restrict XML entity expansion. An attacker could use this flaw to cause a denial of service by tricking a Ruby application using REXML to read text nodes from specially crafted XML content, which will result in REXML consuming large...

CVSS: 5 · AI score: 8.3 · EPSS: 0.25732
Exploits: 2 · References: 4
RedHat Linux
added 2011/06/28 5:21 p.m. · 5 views

Ruby: Untrusted codes able to modify arbitrary strings

The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname...

CVSS: 5 · AI score: 7.4 · EPSS: 0.02121
Exploits: 2 · References: 4
UbuntuCve
added 2011/03/02 12:0 a.m. · 36 views

CVE-2011-1005

The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname...

CVSS: 5 · AI score: 7.2 · EPSS: 0.02121
Exploits: 2 · References: 4
Tenable Nessus
added 2010/07/01 12:0 a.m. · 35 views

Fedora 12 : ruby-1.8.6.383-6.fc12 (2010-0530)

A security vulnerability was found in the WEBrick module in Ruby currently shipped on Fedora 12: WEBrick lets attackers inject malicious escape sequences into its logs, making it possible for dangerous control characters to be executed on a victim's terminal emulator. This issue has now been tagg...

CVSS: 7.5 · AI score: 7 · EPSS: 0.18181
Exploits: 2 · References: 3
0day.today
added 2010/04/04 12:0 a.m. · 6168 views

GUI MyBB 2002-2010 exploit

Exploit for php platform in category web applications ========================== GUI MyBB 2002-2010 exploit ========================== !/usr/local/bin/ruby GUI MyBB 2002-2010 04/04/10 Whivack Contact Me = email protected Dork Google : "Moteur MyBB, 2002-2010 MyBB Group." No Security : No Captcha...

AI score: 7.1
Exploits: 0
OpenVAS
added 2010/01/20 12:0 a.m. · 36 views

Gentoo Security Advisory GLSA 201001-09 (ruby)

The remote host is missing updates announced in advisory GLSA 201001-09. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2010 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

CVSS: 5 · AI score: 0.6 · EPSS: 0.18181
Exploits: 2
UbuntuCve
added 2009/06/11 12:0 a.m. · 33 views

CVE-2009-1904

The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type...

CVSS: 5 · AI score: 6.3 · EPSS: 0.06786
Exploits: 2 · References: 4
Tenable Nessus
added 2008/10/10 12:0 a.m. · 36 views

Fedora 8 : ruby-1.8.6.287-2.fc8 (2008-8736)

Update to new upstream release fixing multiple security issues detailed in the upstream advisories: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/ - CVE-2008-3655 - multiple insufficient safe mode restrictions - CVE-2008-3656 - WEBrick DoS vulnerability CPU...

CVSS: 7.8 · AI score: 6.7 · EPSS: 0.7933
Exploits: 29 · References: 15
RubySec
added 2008/06/20 12:0 a.m. · 29 views

CVE-2008-2664 ruby: Unsafe use of alloca in rb_str_format()

The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662,...

CVSS: 7.8 · AI score: 6.7 · EPSS: 0.05116
Exploits: 1 · References: 1 · Affected Software: 1
RubySec
added 2008/05/05 12:0 a.m. · 55 views

ruby -- DNS spoofing vulnerability in resolv.rb

resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than...

CVSS: 5.8 · AI score: 4.7 · EPSS: 0.03225
Exploits: 22 · References: 1 · Affected Software: 1
Exploit DB
added 2008/03/06 12:0 a.m. · 681 views

Ruby 1.8.6/1.9 (WEBick HTTPd 1.3.1) - Directory Traversal

Digital Security Research Group DSecRG Advisory DSECRG-08-018 Application: Ruby 1.8.6 WEBrick Web server Toolkit and applications that used WEBrick, like Metasploit 3.1 Versions Affected: 1.8.4 and all prior...

AI score: 7.4
Exploits: 0
Positive Technologies
added 2008/03/04 12:0 a.m. · 2 views

PT-2008-2739 · Ruby +1 · Ruby +1

Name of the Vulnerable Software and Affected Versions: Ruby versions 1.8 before 1.8.5-p115 Ruby versions 1.8.6 before 1.8.6-p114 Ruby versions 1.9 through 1.9.0-1 Description: A directory traversal issue exists when running on systems that support backslash path separators or case-insensitive fil...

CVSS: 7.8 · AI score: 7 · EPSS: 0.7933
Exploits: 30 · References: 49
ALT Linux
added 2008/01/11 12:0 a.m. · 23 views

Security fix for the ALT Linux 5 package ruby version 1.8.6-alt3

Jan. 11, 2008 Kirill A. Shutemov 1.8.6-alt3 - branch based git repository - update to ruby186 svn branch revision 14091 - sync with debian 1.8.6.111-2 + CVE-2007-5162 - install libruby.so into /usr/lib bug 13951 - move arch-depended siteruby to /usr/local/ raorn@ - update macros bug 13933 - add...

CVSS: 4.3 · AI score: 6.2 · EPSS: 0.02218
Exploits: 0
RubySec
added 2007/10/08 12:0 a.m. · 27 views

Ruby Net::HTTPS library does not validate server certificate CN

The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL...

CVSS: 5 · AI score: 4.4 · EPSS: 0.07714
Exploits: 1 · References: 1 · Affected Software: 1