SquirrelMail G/PGP Encryption Plugin - 'deletekey()' Command Injection
!/usr/local/bin/ruby puts"http://backdoored.net\n" puts "SquirrelMail G/PG deletekey command injection exploit\n" puts "http://backdoored.net Visit Us\n" puts "Coded by Backdoored member. \n" puts "--------------------------------------------------\n" if ARGV0 == nil && ARGV1 == nil && ARGV2 == n...
SquirrelMail G/PGP Plugin deletekey() Command Injection Exploit
Exploit for unknown platform in category web applications =============================================================== SquirrelMail G/PGP Plugin deletekey Command Injection Exploit =============================================================== !/usr/local/bin/ruby puts"http://backdoored.net\n...
SquirrelMail GPGP Encryption Plugin - deletekey() Command Injection
SquirrelMail GPGP Encryption Plugin - deletekey Command Injection !/usr/local/bin/ruby puts"http://backdoored.net\n" puts "SquirrelMail G/PG deletekey command injection exploit\n" puts "http://backdoored.net Visit Us\n" puts "Coded by Backdoored member. \n" puts...
DSA-1431-1 ruby-gnome2 - format string
Bulletin has no description...
[SECURITY] Fedora 7 Update: ruby-gnome2-0.16.0-18.fc7
This is a set of bindings for the GNOME-2.x libraries for use from Ruby...
[SECURITY] Fedora 8 Update: ruby-gnome2-0.16.0-18.fc8
This is a set of bindings for the GNOME-2.x libraries for use from Ruby...
Debian DSA-1410-1 : ruby1.8 - programming error
Several vulnerabilities have been discovered in Ruby, an object-oriented scripting language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-5162 It was discovered that the Ruby HTTPS module performs insufficient validation of SSL certificates, whic...
Debian DSA-1411-1 : libopenssl-ruby - programming error
Several vulnerabilities have been discovered in Ruby, an object-oriented scripting language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-5162 It was discovered that the Ruby HTTPS module performs insufficient validation of SSL certificates, whic...
Debian DSA-1412-1 : ruby1.9 - programming error
Several vulnerabilities have been discovered in Ruby, an object-oriented scripting language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-5162 It was discovered that the Ruby HTTPS module performs insufficient validation of SSL certificates, whic...
openSUSE 10 Security Update : ruby (ruby-4703)
This update of ruby improves the SSL certificate verification process (CVE-2007-5162, CVE-2007-5770). Prior to this update it was possible to intercept SSL traffic with a man-in-the-middle attack.
[SECURITY] [DSA 1411-1] New libopenssl-ruby packages fix insecure SSL certificate validation
------------------------------------------------------------------------ Debian Security Advisory DSA-1411-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 24, 2007 http://www.debian.org/security/faq -...
DSA-1412-1 ruby1.9 - possible man-in-the-middle attacks
Bulletin has no description...
DSA-1411-1 libopenssl-ruby - possible man-in-the-middle attacks
Bulletin has no description...
Moderate: ruby security update
1.8.5-5.el51.1 - security fix for CVE-2007-5162 and CVE-2007-5770 - ruby-1.8.5-CVE-2007-5162.patch: fix issues that is insufficient verification of SSL certificate. 320331 - Fix the multilib regression issue. 1.8.5-5 - security fix release. - ruby-1.8.5-cgi-CVE-2006-6303.patch: fix a infinite loo...
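Ruby Multiple Libraries SSL Multiple Insecure Certificate Validation Vulnerabilities
BUGTRAQ ID: 26421 CVE ID: CVE-2007-5770 CNCVE ID: CNCVE-20075770 Yukihiro Matsumoto Ruby is an interpreted, convenient and fast object-oriented scripting language. Multiple libraries included with Ruby have problems validating X.509 certificates; remote attackers can exploit the vulnerability to conduct man-in-the-middle attacks and obtain sensitive information. Multiple Ruby Net modules have problems handling SSL certificate validation: the libraries do not check the common name (CN) in the SSL server certificate against the requested host name, which can lead to man-in-the-middle attacks. An attacker can use this to sniff sensitive information. Yukihiro Matsumoto Ruby 1.8.6 Yukihiro Matsumo...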
CVE-2007-5770
The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL...
CVE-2007-5770
Concrete details found: CVE-2007-5162 and CVE-2007-5770 affect Ruby 1.8.5/1.8.6. The MiracleLinux AXSA-2007-63:01 advisory states that the CN field in a server certificate is not verified against the domain in the request for (1) Net::HTTP/Net::HTTPS and (2) multiple Net modules (ftptls, telnets,...
RHEL 5 : ruby (RHSA-2007:0965)
Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. An SSL certifica...
RHEL 4 : ruby (RHSA-2007:0961)
Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. A flaw was...