Lucene search
+L

5605 matches found

nessus
nessus
added 2005/11/02 12:0 a.m.30 views

Mandrake Linux Security Advisory : ruby (MDKSA-2005:191)

Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed. The updated packages have been patched to address this issue. %NASLMINLEVEL 70300 C...

7.5CVSS5.2AI score0.03256EPSS
Exploits0References1
nessus
nessus
added 2005/10/28 12:0 a.m.46 views

GLSA-200510-21 : phpMyAdmin: Local file inclusion and XSS vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200510-21 phpMyAdmin: Local file inclusion and XSS vulnerabilities Stefan Esser discovered that by calling certain PHP files directly, it was possible to workaround the grabglobals.lib.php security model and overwrite the $cfg...

5CVSS5.8AI score0.05617EPSS
Exploits0References4
gentoo
gentoo
added 2005/10/25 12:0 a.m.35 views

phpMyAdmin: Local file inclusion and XSS vulnerabilities

Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the web. Description Stefan Esser discovered that by calling certain PHP files directly, it was possible to workaround the grabglobals.lib.php security model and overwrite the $cfg configuration...

5CVSS6.8AI score0.05617EPSS
Exploits0
exploitpack
exploitpack
added 2005/10/19 12:0 a.m.9 views

Microsoft IIS - SA WebAgent 5.25.3 Redirect Overflow (Metasploit)

Microsoft IIS - SA WebAgent 5.25.3 Redirect Overflow Metasploit This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core...

0.5AI score
Exploits0
nessus
nessus
added 2005/10/19 12:0 a.m.52 views

GLSA-200510-16 : phpMyAdmin: Local file inclusion vulnerability

The remote host is affected by the vulnerability described in GLSA-200510-16 phpMyAdmin: Local file inclusion vulnerability Maksymilian Arciemowicz reported that in libraries/grabglobals.lib.php, the $redirect parameter was not correctly validated. Systems running PHP in safe mode are not affecte...

5CVSS8.8AI score0.15919EPSS
Exploits0References3
nessus
nessus
added 2005/10/19 12:0 a.m.33 views

Debian DSA-864-1 : ruby1.8 - programming error

Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed. The following matrix lists the fixed versions in our distributions : old stable woody...

7.5CVSS5.3AI score0.03256EPSS
Exploits0References3
gentoo
gentoo
added 2005/10/17 12:0 a.m.63 views

phpMyAdmin: Local file inclusion vulnerability

Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the web. Description Maksymilian Arciemowicz reported that in libraries/grabglobals.lib.php, the $redirect parameter was not correctly validated. Systems running PHP in safe mode are not affected...

5CVSS9.3AI score0.15919EPSS
Exploits0
osv
osv
added 2005/10/13 12:0 a.m.15 views

DSA-864-1 ruby1.8 - programming error

Bulletin has no description...

7.5CVSS6.3AI score0.03256EPSS
Exploits0
redhat
redhat
added 2005/10/11 4:3 p.m.33 views

Moderate: Red Hat Security Advisory: ruby security update

Updated ruby packages that fix an arbitrary command execution issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Updated 25 Oct 2005 Errata has been updated to include missing packages for Red Hat Enterprise Linux 3. Ruby ...

7.5CVSS5.9AI score0.03256EPSS
Exploits0References2
redhat
redhat
added 2005/10/11 4:3 p.m.8 views

security flaw

Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input stdin...

7.5CVSS5.9AI score0.03256EPSS
Exploits0References4
debian
debian
added 2005/10/11 7:1 a.m.35 views

[SECURITY] [DSA 862-1] New Ruby 1.6 packages fix safety bypass

-------------------------------------------------------------------------- Debian Security Advisory DSA 862-1 [email protected] http://www.debian.org/security/ Martin Schulze October 11th, 2005 http://www.debian.org/security/faq -...

7.5CVSS0.1AI score0.03256EPSS
Exploits0
nessus
nessus
added 2005/10/11 12:0 a.m.26 views

Debian DSA-862-1 : ruby1.6 - programming error

Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed. The following matrix lists the fixed versions in our distributions : old stable woody...

7.5CVSS5.3AI score0.03256EPSS
Exploits0References3
osv
osv
added 2005/10/11 12:0 a.m.17 views

DSA-860-1 ruby - programming error

Bulletin has no description...

7.5CVSS6.3AI score0.03256EPSS
Exploits0
nessus
nessus
added 2005/10/11 12:0 a.m.32 views

Debian DSA-860-1 : ruby - programming error

Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed. The following matrix lists the fixed versions in our distributions : old stable woody...

7.5CVSS5.3AI score0.03256EPSS
Exploits0References3
ubuntu
ubuntu
added 2005/10/10 4:57 p.m.65 views

USN-195-1: Ruby vulnerability

The object oriented scripting language Ruby supports safely executing untrusted code with two mechanisms: safe level and taint flag on objects. Dr. Yutaka Oiwa discovered a vulnerability that allows Ruby methods to bypass these mechanisms. In systems which use this feature, this could be exploite...

7.5CVSS5.6AI score0.03256EPSS
Exploits0
snyk
snyk
added 2005/10/07 11:2 p.m.5 views

Arbitrary Code Execution

Overview Affected versions of this package are vulnerable to Arbitrary Code Execution. Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program throu...

7.5CVSS7.5AI score0.03256EPSS
Exploits0References2
nvd
nvd
added 2005/10/07 11:2 p.m.19 views

CVE-2005-2337

Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input stdin...

7.5CVSS6.5AI score0.03256EPSS
Exploits0References28
cvelist
cvelist
added 2005/10/07 4:0 a.m.28 views

CVE-2005-2337

Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input stdin...

6.5AI score0.03256EPSS
Exploits0References28
cve
cve
added 2005/10/07 4:0 a.m.135 views

CVE-2005-2337

CVE-2005-2337 affects Ruby 1.6.x (up to 1.6.8), 1.8.x (up to 1.8.2), and 1.9.0 development up to 2005-09-01. The issue allows bypassing safe level and taint protections to execute disallowed code when code is read from standard input, enabling potential arbitrary code execution. Root cause: bypas...

7.5CVSS6.5AI score0.03256EPSS
Exploits0References28Affected Software1
rubygems
rubygems
added 2005/10/07 12:0 a.m.8 views

Security Bypass Vulnerability with Ruby

The Ruby language has a security mechanism security model that can restrict operations on untrusted objects. This security model is based on mechanisms called "object taint" and "safe level." A vulnerability has been confirmed that allows arbitrary script execution by bypassing the "safe level"...

7.5CVSS5.8AI score0.03256EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder