917 matches found
RubyGems xaviershay-dm-rails 'storage.rb' MySQL Information Disclosure Vulnerability
RubyGems xaviershay-dm-rails is a Ruby application. A security vulnerability in RubyGems xaviershay-dm-rails 'storage.rb' allows remote attackers to exploit a vulnerability to obtain sensitive MySQL authentication credential information...
Different Ruby gems security vulnerabilities
Crossite scripting, code execution, information leakage...
rubygems: version regex algorithmic complexity vulnerability
A denial of service vulnerability exists in the RubyGems versions 2.0.7 or older, such that when RubyGems validates versioning it performs a wrong regular expression causing resource consumption due to algorithmic complexity...
rubygems: Two security fixes in v1.8.23
RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack...
FreeBSD : ruby-gems -- Algorithmic Complexity Vulnerability (54237182-9635-4a8b-92d7-33bfaeed84cd)
Ruby Gem developers report : RubyGems validates versions with a regular expression that is vulnerable to denial of service due to backtracking. For specially crafted RubyGems versions attackers can cause denial of service through CPU consumption. %NASLMINLEVEL 70300 C Tenable Network Security, In...
FreeBSD : ruby-gems -- Algorithmic Complexity Vulnerability (742eb9e4-e3cb-4f5a-b94e-0e9a39420600)
Ruby Gem developers report : The patch for CVE-2013-4363 was insufficiently verified so the combined regular expression for verifying gem version remains vulnerable following CVE-2013-4363. RubyGems validates versions with a regular expression that is vulnerable to denial of service due to...
rubygems: version regex algorithmic complexity vulnerability
A denial of service vulnerability exists in the RubyGems versions 2.0.7 or older, such that when RubyGems validates versioning it performs a wrong regular expression causing resource consumption due to algorithmic complexity...
DEBIAN-CVE-2013-4363
Algorithmic complexity vulnerability in Gem::Version::ANCHOREDVERSIONPATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service CP...
rubygems: version regex algorithmic complexity vulnerability
A denial of service vulnerability exists in the RubyGems versions 2.0.7 or older, such that when RubyGems validates versioning it performs a wrong regular expression causing resource consumption due to algorithmic complexity...
rubygems: Two security fixes in v1.8.23
RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack...
rubygems: Two security fixes in v1.8.23
RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack...
DEBIAN-CVE-2012-2126
RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack...
DEBIAN-CVE-2012-2125
RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack...
Security vulnerabilities in different Ruby Gems
VUlnerabilities in different libraries...
[MSF-Installer] Script to Automate Metasploit Framework Installation
Script to help with installing and configuring Metasploit Framework, Armitage and the Plugins I have written on OSX and Linux To use the script on OSX Java, Xcode and Command Development Tools from Xcode must be installed before running the script. In the case of OSX I also added the option of...
UBUNTU-CVE-2012-2126
RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack...
PT-2007-1934
Name of the Vulnerable Software and Affected Versions RubyGems versions prior to 0.9.1 Description The issue concerns the extract files function in installer.rb, which does not check whether files exist before overwriting them. This allows user-assisted remote attackers to overwrite arbitrary...