684 matches found

0day.today
added 2013/04/12 12:0 a.m., 19 views

Ruby Gem kelredd-pruview 0.3.8 Command Injection Vulnerability

Ruby Gem kelredd-pruview version 0.3.8 suffers from a remote command injection vulnerability. Remote command injection in Ruby Gem kelredd-pruview 0.3.8 Larry W. Cashdollar 4/4/2013 @larry0 Description: "A gem to ease generating image previews thumbnails of various files."...

7.6 AI score
Exploits: 0
0day.today
added 2013/04/11 12:0 a.m., 29 views

Ruby Gem Karteek Docsplit 0.5.4 Command Injection Vulnerability

Ruby Gem Karteek Docsplit version 0.5.4 fails to sanitize user-supplied input. If a user is tricked into extracting a file with shell characters in the name, code can be executed remotely. Remote Command Injection Ruby Gem Karteek Docsplit 0.5.4 4/1/2013 Larry W. Cashdollar @larry0 User supplied...

9.3 CVSS, 6.6 AI score, 0.02836 EPSS
Exploits: 3
Packet Storm
added 2013/04/10 12:0 a.m., 28 views

Ruby Gem Karteek Docsplit 0.5.4 Command Injection

Remote Command Injection Ruby Gem Karteek Docsplit 0.5.4 4/1/2013 Larry W. Cashdollar @larry0 User supplied input isn't sanitized against shell metacharacters and is fed directly to the shell. If the user is tricked into extracting a file with shell characters in the name code can be executed...

9.3 CVSS, 0.3 AI score, 0.02836 EPSS
Exploits: 3
OSV
added 2013/04/09 8:55 p.m., 3 views

DEBIAN-CVE-2013-1802

The extlib gem 0.9.15 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML typ...

7.5 CVSS, 9.3 AI score, 0.01686 EPSS
Exploits: 1, References: 1
Cvelist
added 2013/04/09 8:0 p.m., 29 views

CVE-2013-1800

The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type...

7.2 AI score, 0.01653 EPSS
Exploits: 1, References: 6
0day.today
added 2013/04/02 12:0 a.m., 38 views

Ruby Gem ldoce 0.0.2 Command Execution Vulnerability

Ruby Gem ldoce version 0.0.2 suffers from a command execution vulnerability. Remote command execution in Ruby Gem ldoce 0.0.2 Larry W. Cashdollar @larry0 3/25/2013 Ldoce Ruby Gem: Easily interface with the Longman Dictionary of Contemporary English API from Ruby: NB currently mac only as it depen...

7.2 AI score
Exploits: 0
Packet Storm
added 2013/04/01 12:0 a.m., 19 views

Ruby Gem ldoce 0.0.2 Command Execution

Remote command execution in Ruby Gem ldoce 0.0.2 Larry W. Cashdollar @larry0 3/25/2013 Ldoce Ruby Gem: Easily interface with the Longman Dictionary of Contemporary English API from Ruby: NB currently mac only as it depends on the afplay command. https://github.com/markburns/ldoce Ldoce passes an...

0.1 AI score
Exploits: 0
Packet Storm
added 2013/03/27 12:0 a.m., 24 views

Ruby Thumbshooter Gem 0.1.5 Remote Command Execution

Ruby gem Thumbshooter 0.1.5 remote command execution 3/25/2013 Generates thumbshots of URLs by using Webkit and QT4. https://github.com/digineo/thumbshooter Specially crafted URLs can result in remote code execution if the URL contains shell metacharacters. We see that the url is passed directly ...

0.3 AI score
Exploits: 0
Prion
added 2013/03/20 10:55 p.m., 12 views

Design/Logic Flaw

commandwrap.rb in the commandwrap Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL or filename...

7.5 CVSS, 8.2 AI score, 0.00731 EPSS
Exploits: 0, References: 4
Packet Storm
added 2013/03/18 12:0 a.m., 17 views

Ruby Gem Fastreader 1.0.8 Code Execution

Ruby gem fastreader-1.0.8 remote code exec 3/6/2013 if the url contains any ; characters code will be executed as the user. for example if fastreader is fed http://www.g;id;.com id will be executed. ./fastreader-1.0.8/lib/entrycontroller.rb .strip only removes whitespace before and after the URL...

0.9 AI score
Exploits: 0
Packet Storm
added 2013/03/13 12:0 a.m., 27 views

Ruby Gem Curl Command Execution

Curl Ruby Gem Remote command execution 3/12/2013 https://github.com/tg0/curl Specially crafted URLs can result in remote code execution: In ./lib/curl.rb the following lines: 131 cmd = "curl cookiesstore browsertype @setupparams ref "url" " 132 if @debug 133 puts cmd.red 134 end 135 result =...

0.4 AI score
Exploits: 0
0day.today
added 2013/03/13 12:0 a.m., 20 views

Ruby Gem Minimagic Command Execution Vulnerability

Ruby Gem MiniMagic suffers from a remote command execution vulnerability due to a lack of user input sanitization. MiniMagic ruby gem remote code execution 3/12/2013 https://github.com/hcatlin/minimagick A ruby wrapper for ImageMagick or GraphicsMagick command line. Tested on both Ruby 1.9.2 and...

7.2 AI score
Exploits: 0
0day.today
added 2013/03/13 12:0 a.m., 35 views

Ruby Gem Curl Command Execution Vulnerability

Ruby Gem Curl suffers from a remote command execution vulnerability due to a lack of user input sanitization. Curl Ruby Gem Remote command execution 3/12/2013 https://github.com/tg0/curl Specially crafted URLs can result in remote code execution: In ./lib/curl.rb the following lines: 131 cmd =...

7.2 AI score
Exploits: 0
0day.today
added 2013/03/13 12:0 a.m., 14 views

Ruby Gem Fastreader 1.0.8 Command Execution Vulnerability

Ruby Gem Fastreader version 1.0.8 suffers from a remote command execution vulnerability due to a lack of user input sanitization. Ruby gem fastreader-1.0.8 remote code exec 3/6/2013 https://rubygems.org/gems/fastreader if the url contains any ; characters code will be executed as the user when a...

7.2 AI score
Exploits: 0
Packet Storm
added 2013/03/13 12:0 a.m., 27 views

Ruby Gem Minimagic Command Execution

MiniMagic ruby gem remote code execution 3/12/2013 https://github.com/hcatlin/minimagick A ruby wrapper for ImageMagick or GraphicsMagick command line. Tested on both Ruby 1.9.2 and Ruby 1.8.7. If a URL is from an untrusted source, commands can be injected into it for remote code execution with...

0.4 AI score
Exploits: 0
Packet Storm
added 2013/03/13 12:0 a.m., 19 views

Ruby Gem Fastreader 1.0.8 Command Execution

Ruby gem fastreader-1.0.8 remote code exec 3/6/2013 https://rubygems.org/gems/fastreader if the url contains any ; characters code will be executed as the user when a web browser is launched. for example if fastreader is fed http://www.g;id;.com id will be executed...

1 AI score
Exploits: 0
Packet Storm
added 2013/03/02 12:0 a.m., 31 views

Ruby Gem ftpd-0.2.1 Remote Command Execution

Remote command execution for Ruby Gem ftpd-0.2.1 2/28/2013 https://github.com/wconrad/ftpd http://rubygems.org/gems/ftpd "ftpd is a pure Ruby FTP server library. It supports implicit and explicit TLS, passive and active mode, and most of the commands specified in RFC 969. It can be used as part of...

0.2 AI score
Exploits: 0
Packet Storm
added 2013/02/28 12:0 a.m., 25 views

Fileutils Ruby Gem Remote Command Execution

Possible remote command execution and insecure file handling in /tmp. 2/23/2013 http://rubygems.org/gems/fileutils "A set of utility classes to extract meta data from different file types". Handles files insecurely in /tmp, a directory is created for that file extension say 'zip' and files are...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2013/01/21 12:0 a.m., 53 views

Fedora 18 : rubygem-actionpack-3.2.8-2.fc18 / rubygem-activerecord-3.2.8-3.fc18 / etc (2013-0568)

Fix for CVE-2013-0155 and CVE-2013-0156. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...

7.5 CVSS, 7.9 AI score, 0.91907 EPSS
Exploits: 22, References: 7
RubySec
added 2013/01/10 12:0 a.m., 49 views

Ruby Gem nori Parameter Parsing Remote Code Execution

The Ruby Gem nori has a parameter parsing error that may allow an attacker to execute arbitrary code. This vulnerability has to do with type casting during parsing, and is related to CVE-2013-0156...

7.5 CVSS, 6.8 AI score, 0.015 EPSS
Exploits: 21, References: 1, Affected Software: 1