
32 matches found

Cvelist
added 2008/06/24 7:0 p.m. · 26 views

CVE-2008-2725

Integer overflow in (1) the rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the...

6.9 AI score · 0.02495 EPSS
Exploits 1 · References 43
CVE
added 2008/06/24 7:0 p.m. · 76 views

CVE-2008-2663

Ruby 1.8.4 and earlier (and 1.8.5-p231, 1.8.6-p230, 1.8.7-p22) are affected by an integer overflow in rb_ary_store that can enable context-dependent arbitrary code execution or a denial of service (CVE-2008-2663). The MiracleLinux, Oracle Linux, and Red Hat advisories in the connected documents r...

10 CVSS · 7.2 AI score · 0.1019 EPSS
Exploits 1 · References 40 · Affected Software 1
CVE
added 2008/06/24 7:0 p.m. · 77 views

CVE-2008-2725

CVE-2008-2725 is an integer overflow in Ruby’s rb_ary_splice (and related issues in rb_ary_splice) affecting Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22. The vulnerability can trigger memory corruption via unspecified vectors in context-dep...

7.8 CVSS · 7 AI score · 0.02495 EPSS
Exploits 1 · References 43 · Affected Software 1
UbuntuCve
added 2008/06/24 12:0 a.m. · 25 views

CVE-2008-2663

Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than...

10 CVSS · 7.3 AI score · 0.1019 EPSS
Exploits 1 · References 3
Cvelist
added 2008/04/18 10:0 p.m. · 18 views

CVE-2008-1891

Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encode...

6.5 AI score · 0.00535 EPSS
Exploits 1 · References 11
Prion
added 2008/03/04 11:44 p.m. · 30 views

Directory traversal

Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash...

5 CVSS · 6.8 AI score · 0.5985 EPSS
Exploits 1 · References 29 · Affected Software 1
Positive Technologies
added 2008/03/04 12:0 a.m. · 2 views

PT-2008-2739 · Ruby +1 · Ruby +1

Name of the Vulnerable Software and Affected Versions: Ruby versions 1.8 before 1.8.5-p115; Ruby versions 1.8.6 before 1.8.6-p114; Ruby versions 1.9 through 1.9.0-1. Description: A directory traversal issue exists when running on systems that support backslash path separators or case-insensitive fil...

7.8 CVSS · 7 AI score · 0.7933 EPSS
Exploits 30 · References 49
OSV
added 2007/11/24 12:0 a.m. · 23 views

DSA-1410-1 ruby1.8 - possible man-in-the-middle attacks

Bulletin has no description...

5 CVSS · 7.5 AI score · 0.07714 EPSS
Exploits 1
UbuntuCve
added 2006/10/27 6:7 p.m. · 24 views

CVE-2006-5467

The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and...

5 CVSS · 7.1 AI score · 0.13647 EPSS
Exploits 1 · References 2
Snyk
added 2006/10/27 6:7 p.m. · 2 views

Resource Management Errors

Overview: Affected versions of this package are vulnerable to Resource Management Errors. The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary...

5.3 CVSS · 7.2 AI score · 0.13647 EPSS
Exploits 1 · References 2
Cvelist
added 2006/10/27 6:0 p.m. · 22 views

CVE-2006-5467

The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and...

7.3 AI score · 0.13647 EPSS
Exploits 1 · References 26
CVE
added 2006/10/27 6:0 p.m. · 79 views

CVE-2006-5467

The CVE-2006-5467 issue affects Ruby 1.8’s CGI module (cgi.rb) and can cause a denial of service via a crafted multipart/form-data request with an invalid boundary. The vulnerability is specifically exploited in the CGI multipart parser, leading to an infinite loop and high CPU usage. Multiple ve...

5 CVSS · 7.3 AI score · 0.13647 EPSS
Exploits 1 · References 26 · Affected Software 1