XML Entity Expansion (XEE)

ruby is vulnerable to XML Entity Expansion XEE attacks. The vulnerability exists as the REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service memory consumption via a crafted XML document, aka an XML Enti...

Amazon Linux: Security Advisory (ALAS-2014-439)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux AMI : ruby20 (ALAS-2014-441)

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service memory consumption via a crafted XML document, aka an XML Entity Expansion XEE attack. C Tenable Network Security, Inc. The descriptive text and...

Medium: ruby20

Issue Overview: The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service memory consumption via a crafted XML document, aka an XML Entity Expansion XEE attack. Affected Packages: ruby20 Issue Correction:...

Medium: ruby21

Issue Overview: The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service memory consumption via a crafted XML document, aka an XML Entity Expansion XEE attack. Affected Packages: ruby21 Issue Correction:...

Adobe Acrobat Reader - ASLR/DEP Bypass Exploit with SANDBOX BYPASS

No description provided by source. CVE-2013-0640/1 Somehow, our script got on to the Russian forums :/ @w3bd3vil and @abh1sek Exploit-DB mirror: http://www.exploit-db.com/sploits/29881.tar.gz Adobe Acrobat Reader ASLR/DEP bypass Exploit with SANDBOX BYPASS...

Adobe Acrobat Reader - ASLR + DEP Bypass with Sandbox Bypass

CVE-2013-0640/1 Somehow, our script got on to the Russian forums :/ @w3bd3vil and @abh1sek Exploit-DB Mirror: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/29881.tar.gz Adobe Acrobat Reader ASLR/DEP bypass Exploit with SANDBOX BYPASS...

CVE-2010-2489

Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow local users to gain privileges via a crafted ARGF.inplacemode value that is not properly handled when constructing the filenames of the backup files...

Buffer overflow

Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow local users to gain privileges via a crafted ARGF.inplacemode value that is not properly handled when constructing the filenames of the backup files...

CVE-2010-2489

Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow local users to gain privileges via a crafted ARGF.inplacemode value that is not properly handled when constructing the filenames of the backup files...

CVE-2010-2489

Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow local users to gain privileges via a crafted ARGF.inplacemode value that is not properly handled when constructing the filenames of the backup files...

CVE-2010-2489

Ruby 1.9.x before 1.9.1-p429 on Windows is affected by a buffer overflow in ARGF.inplace_mode used when constructing backup filenames, allowing local privilege escalation. The issue is addressed in Ruby 1.9.1-p429 (Ruby on Windows update). Affected components: Ruby 1.9.x, ARGF.inplace_mode handli...

Design/Logic Flaw

Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.splitheadervalue function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of...