Multi Gather RubyGems API Key

This module obtains a user's RubyGems API key from /.gem/credentials. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Multi Gather RubyGems API Key', 'Description' = %q This module obtains a...

Oracle Solaris Third-Party Patch Update : rubygems (multiple_cryptographic_issues_vulnerabilities_in1)

The remote Solaris system is missing necessary patches to address security updates : - Algorithmic complexity vulnerability in Gem::Version::VERSIONPATTERN in lib/ rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby...

Oracle Solaris Third-Party Patch Update : rubygems (cve_2012_2125_https_to)

The remote Solaris system is missing necessary patches to address security updates : - RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack. CVE-2012-2125 - RubyGems...

RubyGems Doorkeeper Cross-Site Request Forgery Vulnerability

RubyGems gems is a Ruby packaging system for packaging Ruby components. A cross-site request forgery vulnerability exists in RubyGems Doorkeeper because it fails to properly validate HTTP requests. An attacker could use this vulnerability to perform unauthorized actions in the context of a...

RHEL 6 : MRG (RHSA-2013:1852)

Updated Grid component packages that fix multiple security issues are now available for Red Hat Enterprise MRG 2.4 for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, whi...

openSUSE Security Update : rubygems (openSUSE-SU-2014:0332-1)

This update fixes the following issue with some rubygems : - bnc864873: fix rubygem patches are not applied to the gem but only to the tree. Packages embedding rubygems via their .gem files were not receiving security updates. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive...

WPScan - WordPress Security Scanner

WPScan is a black box WordPress vulnerability scanner. Features Username enumeration from author querystring and location header Weak password cracking multithreaded Version enumeration from generator meta tag and from client side files Vulnerability enumeration based on version Plugin enumeratio...

Puppet Enterprise 3.x < 3.1.1 Multiple Vulnerabilities

According to its self-reported version number, the Puppet Enterprise 3.x install on the remote host is prior to 3.1.1. As a result, it is reportedly affected by multiple vulnerabilities : - An input validation error exists related to the included Ruby version, handling string to floating point...

Amazon Linux AMI : ruby19 (ALAS-2014-290)

Algorithmic complexity vulnerability in Gem::Version::ANCHOREDVERSIONPATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service CP...

Moderate: Red Hat Security Advisory: rubygems security update

An updated rubygems package that fixes one security issue is now available for Red Hat OpenShift Enterprise 2.0.2. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

rubygems: version regex algorithmic complexity vulnerability

A denial of service vulnerability exists in the RubyGems versions 2.0.7 or older, such that when RubyGems validates versioning it performs a wrong regular expression causing resource consumption due to algorithmic complexity...

rubygems: Two security fixes in v1.8.23

RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack...

Moderate: Red Hat Security Advisory: Red Hat Enterprise MRG Grid 2.4 security update

Updated Grid component packages that fix multiple security issues are now available for Red Hat Enterprise MRG 2.4 for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, whi...

Webbynode Ruby Gems命令注入漏洞

Bugtraq ID:64289 CVE ID:CVE-2013-7086 Ruby Gem Webbynode是一款让用户部署应用至Webbynode平台的工具。 Ruby Gem Webbynode没有正确过滤通过growlnotify命令所提交的消息，如果消息中包含shell元字符，可以应用程序上下文执行任意命令。 0 Ruby Gem Webbynode 1.0.5.3 目前厂商暂无提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://rubygems.org/gems/webbynode...

Moderate: Red Hat Security Advisory: ruby193-ruby security update

Updated ruby193-ruby packages that fix one security issue are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Amazon Linux AMI : rubygems (ALAS-2013-231)

Algorithmic complexity vulnerability in Gem::Version::ANCHOREDVERSIONPATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service CP...

CentOS Update for rubygems CESA-2013:1441 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CentOS Update for rubygems CESA-2013:1441 centos6

Check for the Version of rubygems OpenVAS Vulnerability Test CentOS Update for rubygems CESA-2013:1441 centos6 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

Oracle Linux 6 : rubygems (ELSA-2013-1441)

The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2013-1441 advisory. - Remove regexp backtracing CVE-2013-4363. - Related: rhbz1002838. - Fix insecure connection to SSL repository CVE-2012-2125, CVE-2012-2126. - Related:...

CentOS 6 : rubygems (CESA-2013:1441)

An updated rubygems package that fixes three security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, ar...