4940 matches found

Fedora
added 2007/10/08 2:4 p.m., 28 views

[SECURITY] Fedora Core 6 Update: ruby-1.8.5.113-1.fc6

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

4.3 CVSS, 1.2 AI score, 0.02982 EPSS
Exploits 0
RubySec
added 2007/10/08 12:0 a.m., 27 views

Ruby Net::HTTPS library does not validate server certificate CN

The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL...

5 CVSS, 4.4 AI score, 0.07714 EPSS
Exploits 1, References 1, Affected Software 1
Prion
added 2007/10/01 5:17 a.m., 21 views

Cross site request forgery (csrf)

The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions v...

4.3 CVSS, 6.2 AI score, 0.02982 EPSS
Exploits 0, References 35, Affected Software 1
UbuntuCve
added 2007/10/01 5:17 a.m., 27 views

CVE-2007-5162

The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions v...

4.3 CVSS, 7.1 AI score, 0.02982 EPSS
Exploits 0, References 2
securityvulns
added 2007/10/01 12:0 a.m., 53 views

Ruby Net::HTTPS library does not validate server certificate CN

iSEC Partners Security Advisory - 2007-006-RubySSL http://www.isecpartners.com -------------------------------------------- Ruby Net::HTTPS library does not validate server certificate CN Vendor: Ruby Vendor URL: http://www.ruby-lang.org Versions affected: 1.8.5, 1.8.6, Trunk Ruby Systems Affecte...

7.3 AI score
Exploits 0
securityvulns
added 2007/10/01 12:0 a.m., 32 views

Ruby Net::HTTPS library certificates validation cryptographic vulnerability

Certificate's CN field is not validated against DNS name, making it possible to use a valid certificate with the wrong CN...

5 CVSS, 2.1 AI score, 0.07714 EPSS
Exploits 1, References 1, Affected Software 1
CVE
added 2007/10/01 12:0 a.m., 103 views

CVE-2007-5162

CVE-2007-5162 affects Ruby 1.8.5/1.8.6: Net::HTTP and Net::HTTPS do not verify the server certificate CN against the requested domain, enabling MITM or spoofed sites. The connected MiracleLinux advisory (AXSA-2007-63:01) reiterates the flaw across multiple Net modules (including Net::HTTP/Net::...

4.3 CVSS, 6.4 AI score, 0.02982 EPSS
Exploits 0, References 35, Affected Software 1
Cvelist
added 2007/10/01 12:0 a.m., 24 views

CVE-2007-5162

The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions v...

6.3 AI score, 0.02982 EPSS
Exploits 0, References 35
RubySec
added 2007/09/27 12:0 a.m., 25 views

Ruby Net::HTTPS library does not validate server certificate CN

The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions v...

4.3 CVSS, 3.3 AI score, 0.02982 EPSS
Exploits 0, References 1, Affected Software 1
Packet Storm
added 2007/09/13 12:0 a.m., 37 views

wordpress-toolkit-gui.txt

Copyright c 2007 Lance M. Havok . All Rights Reserved. Exploits R' Us: bringing the amazing world of exploitation toys to your mom. Please read http://www.info-pull.com/code/DISCLAIMER for licensing terms. begin require 'pwnpress' require 'rubygems' require 'fox16' include Fox rescue puts "Need...

7.4 AI score
Exploits 0
exploitpack
added 2007/08/27 12:0 a.m., 12 views

BitchX 1.1 Final - MODE Remote Heap Overflow

BitchX 1.1 Final - MODE Remote Heap Overflow !/usr/bin/env ruby BitchX-1.1 Final MODE Heap Overflow 0-day By bannedit Discovered May 16th 2007 - Yet another overflow which can overwrite GOT I found this vuln after modifying ilja's ircfuzz code. Currently this exploit attempts to overwrite the GOT...

0.4 AI score
Exploits 0
Exploit DB
added 2007/07/31 12:0 a.m., 22 views

Asterisk < 1.2.22/1.4.8 - IAX2 Channel Driver Remote Crash

!/usr/bin/env ruby author = tenkeiev Script to test chaniax for the vuln in ASA-2007-015 Trigger subtypes of 11 or 12 will crash an unpatched server First establish a call - send new, recv accept, send ack, recv answer, send ack Then send IAX2 control packets with subtypes 0x0b or 0x0c that conta...

7 AI score
Exploits 0
Tenable Nessus
added 2007/07/01 12:0 a.m., 21 views

Debian DSA-1324-1 : hiki - missing input sanitising

Kazuhiro Nishiyama found a vulnerability in hiki, a Wiki engine written in Ruby, which could allow a remote attacker to delete arbitrary files which are writable to the Hiki user, via a specially crafted session parameter. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text...

6.4 CVSS, 5.4 AI score, 0.00813 EPSS
Exploits 0, References 3
Debian
added 2007/06/28 9:4 p.m., 21 views

[SECURITY] [DSA 1324-1] New hiki packages fix missing input sanitising

------------------------------------------------------------------------ Debian Security Advisory DSA-1324 [email protected] http://www.debian.org/security/ Steve Kemp June 28, 2007 - ------------------------------------------------------------------------ Package : hiki Vulnerability : missing...

6.4 CVSS, 6.2 AI score, 0.00813 EPSS
Exploits 0
OSV
added 2007/06/28 12:0 a.m., 15 views

DSA-1324-1 hiki

Bulletin has no description...

6.4 CVSS, 6.1 AI score, 0.00813 EPSS
Exploits 0
Fedora
added 2007/06/11 10:7 p.m., 16 views

[SECURITY] Fedora 7 Update: ruby-mecab-0.96-1.fc7

Ruby binding for MeCab...

1.6 AI score
Exploits 0
Tenable Nessus
added 2007/05/25 12:0 a.m., 44 views

Mac OS X Multiple Vulnerabilities (Security Update 2007-005)

The remote host is running a version of Mac OS X 10.4 or 10.3 that does not have Security Update 2007-005 applied. This update fixes security flaws in the following applications : Alias Manager BIND CoreGraphics crontabs fetchmail file iChat mDNSResponder PPP ruby screen texinfo VPN C Tenable...

10 CVSS, 7.4 AI score, 0.7452 EPSS
Exploits 8, References 18
securityvulns
added 2007/05/15 12:0 a.m., 34 views

notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.

...i took a look at the new notepad++, and noticed this, i'm not sure how long it has been there or if it was recently added to the code... either way here is a POC for it. original reference: http://fakehalo.us/xnotepad++.c / notepad++v4.1: win32 ruby file processing buffer overflow exploit. by:...

0.1 AI score
Exploits 0
seebug.org
added 2007/05/15 12:0 a.m., 18 views

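Notepad++ Ruby Source File Processing Remote Stack Overflow Vulnerability

Notepad++ is an open-source editor that runs on Windows and supports multiple programming languages. The SciLexer module (SciLexer.dll) of Notepad++ has a stack overflow vulnerability when processing Ruby source files (.rb); if a user is tricked into opening a malicious .rb file, the overflow is triggered, leading to execution of arbitrary instructions. Notepad++ Notepad++ 4.1 The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://notepad-plus.sourceforge.net/ http://www.sebug.net/show-exp-1876.html...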

7.1 AI score
Exploits 0
seebug.org
added 2007/05/13 12:0 a.m., 12 views

notepad++ 4.1 ruby file processing Buffer Overflow Exploit (win32)

No description provided by source. / notepad++v4.1: win32 ruby file processing buffer overflow exploit. by: vade79/v9 [email protected] fakehalo/realhalo ...

7.1 AI score
Exploits 0