5605 matches found
Mandrake Linux Security Advisory : ruby (MDKSA-2005:191)
Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed. The updated packages have been patched to address this issue. %NASLMINLEVEL 70300 C...
GLSA-200510-21 : phpMyAdmin: Local file inclusion and XSS vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200510-21 phpMyAdmin: Local file inclusion and XSS vulnerabilities Stefan Esser discovered that by calling certain PHP files directly, it was possible to workaround the grabglobals.lib.php security model and overwrite the $cfg...
phpMyAdmin: Local file inclusion and XSS vulnerabilities
Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the web. Description Stefan Esser discovered that by calling certain PHP files directly, it was possible to workaround the grabglobals.lib.php security model and overwrite the $cfg configuration...
Microsoft IIS - SA WebAgent 5.25.3 Redirect Overflow (Metasploit)
Microsoft IIS - SA WebAgent 5.25.3 Redirect Overflow Metasploit This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core...
GLSA-200510-16 : phpMyAdmin: Local file inclusion vulnerability
The remote host is affected by the vulnerability described in GLSA-200510-16 phpMyAdmin: Local file inclusion vulnerability Maksymilian Arciemowicz reported that in libraries/grabglobals.lib.php, the $redirect parameter was not correctly validated. Systems running PHP in safe mode are not affecte...
Debian DSA-864-1 : ruby1.8 - programming error
Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed. The following matrix lists the fixed versions in our distributions : old stable woody...
phpMyAdmin: Local file inclusion vulnerability
Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the web. Description Maksymilian Arciemowicz reported that in libraries/grabglobals.lib.php, the $redirect parameter was not correctly validated. Systems running PHP in safe mode are not affected...
DSA-864-1 ruby1.8 - programming error
Bulletin has no description...
Moderate: Red Hat Security Advisory: ruby security update
Updated ruby packages that fix an arbitrary command execution issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Updated 25 Oct 2005 Errata has been updated to include missing packages for Red Hat Enterprise Linux 3. Ruby ...
security flaw
Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input stdin...
[SECURITY] [DSA 862-1] New Ruby 1.6 packages fix safety bypass
-------------------------------------------------------------------------- Debian Security Advisory DSA 862-1 [email protected] http://www.debian.org/security/ Martin Schulze October 11th, 2005 http://www.debian.org/security/faq -...
Debian DSA-862-1 : ruby1.6 - programming error
Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed. The following matrix lists the fixed versions in our distributions : old stable woody...
DSA-860-1 ruby - programming error
Bulletin has no description...
Debian DSA-860-1 : ruby - programming error
Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed. The following matrix lists the fixed versions in our distributions : old stable woody...
USN-195-1: Ruby vulnerability
The object oriented scripting language Ruby supports safely executing untrusted code with two mechanisms: safe level and taint flag on objects. Dr. Yutaka Oiwa discovered a vulnerability that allows Ruby methods to bypass these mechanisms. In systems which use this feature, this could be exploite...
Arbitrary Code Execution
Overview Affected versions of this package are vulnerable to Arbitrary Code Execution. Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program throu...
CVE-2005-2337
Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input stdin...
CVE-2005-2337
Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input stdin...
CVE-2005-2337
CVE-2005-2337 affects Ruby 1.6.x (up to 1.6.8), 1.8.x (up to 1.8.2), and 1.9.0 development up to 2005-09-01. The issue allows bypassing safe level and taint protections to execute disallowed code when code is read from standard input, enabling potential arbitrary code execution. Root cause: bypas...
Security Bypass Vulnerability with Ruby
The Ruby language has a security mechanism security model that can restrict operations on untrusted objects. This security model is based on mechanisms called "object taint" and "safe level." A vulnerability has been confirmed that allows arbitrary script execution by bypassing the "safe level"...