2157 matches found

UbuntuCve
added 2012/04/20 12:0 a.m., 27 views

CVE-2012-2126

RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack...

4.3 CVSS, 5.9 AI score, 0.00272 EPSS
Exploits 0, References 6
Tenable Nessus
added 2010/07/30 12:0 a.m., 22 views

MDVA-2009:117 : ruby-RubyGems

On x86_64, rubygems assumes that the gem installation path is in /usr/lib64/ruby. This is problematic because all of the Mandriva ruby- packages install their rb files under /usr/lib/ruby regardless of the machine architecture; rubygems consequently cannot find any of the installed gems. This upda...

6.7 AI score
Exploits 0, References 1
Tenable Nessus
added 2010/03/04 12:0 a.m., 37 views

openSUSE Security Update : rubygem-actionpack (rubygem-actionpack-1946)

This update of rubygems fixes two vulnerabilities:
- CVE-2008-7248: CVSS v2 Base Score: 4.3. Rails CSRF protection can be bypassed by using special content-types for a HTTP request.
- CVE-2009-4214: CVSS v2 Base Score: 4.3. The method strip_tags does not completely protect against XSS attacks...

6.8 CVSS, 5 AI score, 0.11409 EPSS
Exploits 1, References 4
OpenVAS
added 2009/02/17 12:0 a.m., 18 views

Fedora Update for rubygems FEDORA-2008-8322

Check for the Version of rubygems. OpenVAS Vulnerability Test: Fedora Update for rubygems FEDORA-2008-8322. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the...

7.5 CVSS, 0.5 AI score, 0.03119 EPSS
Exploits 1, References 2
OpenVAS
added 2009/02/17 12:0 a.m., 28 views

Fedora Update for rubygems FEDORA-2008-8282

Check for the Version of rubygems. OpenVAS Vulnerability Test: Fedora Update for rubygems FEDORA-2008-8282. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the...

7.5 CVSS, 0.5 AI score, 0.03119 EPSS
Exploits 1, References 2
OpenVAS
added 2009/02/17 12:0 a.m., 20 views

Fedora Update for rubygems FEDORA-2008-8322

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

7.5 CVSS, 9.5 AI score, 0.03119 EPSS
Exploits 1, References 2
OpenVAS
added 2009/02/17 12:0 a.m., 19 views

Fedora Update for rubygems FEDORA-2008-8282

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

7.5 CVSS, 9.5 AI score, 0.03119 EPSS
Exploits 1, References 2
Fedora
added 2008/10/16 2:2 a.m., 22 views

[SECURITY] Fedora 8 Update: rubygems-1.2.0-2.fc8

RubyGems is the Ruby standard for publishing and managing third party libraries...

7.5 CVSS, 1.6 AI score, 0.03119 EPSS
Exploits 1
Fedora
added 2008/09/28 6:38 p.m., 30 views

[SECURITY] Fedora 9 Update: rubygems-1.2.0-2.fc9

RubyGems is the Ruby standard for publishing and managing third party libraries...

7.5 CVSS, 1.6 AI score, 0.03119 EPSS
Exploits 1
Tenable Nessus
added 2007/10/17 12:0 a.m., 32 views

openSUSE 10 Security Update : rubygems (rubygems-2644)

This update fixes a vulnerability in rubygems that allowed to overwrite files with root privileges. CVE-2007-0469 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update rubygems-2644. The text...

9.3 CVSS, 8.3 AI score, 0.06589 EPSS
Exploits 0, References 1
Packet Storm
added 2007/09/13 12:0 a.m., 37 views

wordpress-toolkit-gui.txt

Copyright c 2007 Lance M. Havok . All Rights Reserved. Exploits R' Us: bringing the amazing world of exploitation toys to your mom. Please read http://www.info-pull.com/code/DISCLAIMER for licensing terms. begin require 'pwnpress' require 'rubygems' require 'fox16' include Fox rescue puts "Need...

7.4 AI score
Exploits 0
UbuntuCve
added 2007/01/24 1:28 a.m., 22 views

CVE-2007-0469

The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages...

9.3 CVSS, 7.6 AI score, 0.06589 EPSS
Exploits 0, References 1
Prion
added 2007/01/24 1:28 a.m., 11 views

Code injection

The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages...

9.3 CVSS, 8 AI score, 0.06589 EPSS
Exploits 0, References 6, Affected Software 1
NVD
added 2007/01/24 1:28 a.m., 12 views

CVE-2007-0469

The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages...

9.3 CVSS, 7.6 AI score, 0.06589 EPSS
Exploits 0, References 6
CVE
added 2007/01/24 1:0 a.m., 57 views

CVE-2007-0469

The CVE-2007-0469 issue affects RubyGems before 0.9.1. The extract_files function in installer.rb can overwrite existing files without checking for their existence, allowing user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via craft...

9.3 CVSS, 7.5 AI score, 0.06589 EPSS
Exploits 0, References 6, Affected Software 1
Cvelist
added 2007/01/24 1:0 a.m., 15 views

CVE-2007-0469

The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages...

7.5 AI score, 0.06589 EPSS
Exploits 0, References 6
RubySec
added 2007/01/22 12:0 a.m., 18 views

CVE-2007-0469 RubyGems: Specially-crafted Gem archive can overwrite system files

The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages...

9.3 CVSS, 8 AI score, 0.06589 EPSS
Exploits 0, References 1, Affected Software 1