450 matches found
Ruby Gem ldoce 0.0.2 Command Execution Vulnerability
Ruby Gem ldoce version 0.0.2 suffers from a command execution vulnerability. Remote command execution in Ruby Gem ldoce 0.0.2 Larry W. Cashdollar @larry0 3/25/2013 Ldoce Ruby Gem: Easily interface with the Longman Dictionary of Contemporary English API from Ruby: NB currently mac only as it depen...
Ruby Gem ldoce 0.0.2 Command Execution
Remote command execution in Ruby Gem ldoce 0.0.2 Larry W. Cashdollar @larry0 3/25/2013 Ldoce Ruby Gem: Easily interface with the Longman Dictionary of Contemporary English API from Ruby: NB currently mac only as it depends on the afplay command. https://github.com/markburns/ldoce Ldoce passes an...
Ruby Thumbshooter Gem 0.1.5 Remote Command Execution
Ruby gem Thumbshooter 0.1.5 remote command execution 3/25/2013 Generates thumbshots of URLs by using Webkit and QT4. https://github.com/digineo/thumbshooter Specially crafted URLs can result in remote code execution if the URL contains shell metacharacters. We see that the url is passed directly ...
Design/Logic Flaw
commandwrap.rb in the commandwrap Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL or filename...
Ruby Gem Minimagic Command Execution Vulnerability
Ruby Gem MiniMagic suffers from a remote command execution vulnerability due to a lack of user input sanitization. MiniMagic ruby gem remote code execution 3/12/2013 https://github.com/hcatlin/minimagick A ruby wrapper for ImageMagick or GraphicsMagick command line. Tested on both Ruby 1.9.2 and...
Ruby Gem Curl Command Execution
Curl Ruby Gem Remote command execution 3/12/2013 https://github.com/tg0/curl Specially crafted URLs can result in remote code execution: In ./lib/curl.rb the following lines: 131 cmd = "curl cookiesstore browsertype @setupparams ref "url" " 132 if @debug 133 puts cmd.red 134 end 135 result =...
Ruby Gem ftpd-0.2.1 Remote Command Execution
Remote command execution for Ruby Gem ftpd-0.2.1 2/28/2013 https://github.com/wconrad/ftpd http://rubygems.org/gems/ftpd "ftpd is a pure Ruby FTP server library. It supports implicit and explicit TLS, passive and active mode, and most of the commands specified in RFC 969. It can be used as part of...
Fileutils Ruby Gem Remote Command Execution
Possible remote command execution and insecure file handling in /tmp. 2/23/2013 http://rubygems.org/gems/fileutils "A set of utility classes to extract meta data from different file types". Handles files insecurely in /tmp, a directory is created for that file extension say 'zip' and files are...
Fedora 18 : rubygem-actionpack-3.2.8-2.fc18 / rubygem-activerecord-3.2.8-3.fc18 / etc (2013-0568)
Fix for CVE-2013-0155 and CVE-2013-0156. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. ...
Ruby Gem nori Parameter Parsing Remote Code Execution
The Ruby Gem nori has a parameter parsing error that may allow an attacker to execute arbitrary code. This vulnerability has to do with type casting during parsing, and is related to CVE-2013-0156...