1220 matches found

RubySec • added 2013/12/03 12:00 a.m. • 47 views

Reflective XSS Vulnerability in Ruby on Rails

There is a vulnerability in the internationalization component of Ruby on Rails. Under certain common configurations an attacker can provide specially crafted input which will execute a reflective XSS attack. The root cause of this issue is a vulnerability in the i18n gem which has been assigned...

CVSS 4.3 | AI score 3.8 | EPSS 0.02233
Exploits 0 | References 1 | Affected Software 1
RubySec • added 2013/12/03 12:00 a.m. • 48 views

Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk)

The prior fix to CVE-2013-0155 was incomplete and the use of common 3rd party libraries can accidentally circumvent the protection. Due to the way that Rack::Request and Rails::Request interact, it is possible for a 3rd party or custom rack middleware to parse the parameters insecurely and store...

CVSS 6.4 | AI score 3.5 | EPSS 0.05673
Exploits 1 | References 1 | Affected Software 1
RubySec • added 2013/12/03 12:00 a.m. • 22 views

XSS Vulnerability in simple_format helper

There is a vulnerability in the simple_format helper in Ruby on Rails. The simple_format helper converts user supplied text into HTML text which is intended to be safe for display. A change made to the implementation of this helper means that any user provided HTML attributes will not be escaped...

CVSS 4.3 | AI score 1 | EPSS 0.01963
Exploits 0 | References 1 | Affected Software 1
RubySec • added 2013/12/03 12:00 a.m. • 28 views

Denial of Service Vulnerability in Action View

There is a denial of service vulnerability in the header handling component of Action View...

CVSS 5 | AI score 2.4 | EPSS 0.207
Exploits 2 | References 1 | Affected Software 1
RubySec • added 2013/12/03 12:00 a.m. • 41 views

XSS Vulnerability in number_to_currency

There is an XSS vulnerability in the number_to_currency helper in Ruby on Rails. The number_to_currency helper allows users to nicely format a numeric value. One of the parameters to the helper (unit) is not escaped correctly. Applications which pass user controlled data as the unit parameter are...

CVSS 4.3 | AI score 3.3 | EPSS 0.03171
Exploits 0 | References 1 | Affected Software 1
RubySec • added 2013/12/02 12:00 a.m. • 25 views

sprout Gem for Ruby archive_unpacker.rb unpack_zip() Function Multiple Parameter Arbitrary Code Execution

sprout Gem for Ruby contains a flaw in the unpack_zip function in archive_unpacker.rb. The issue is due to the program failing to properly sanitize input passed via the 'zipfile', 'dir', 'zipname', and 'output' parameters. This may allow a context-dependent attacker to execute arbitrary code...

CVSS 7.5 | AI score 7 | EPSS 0.01971
Exploits 1 | References 1
RubySec • added 2013/11/22 12:00 a.m. • 36 views

CVE-2013-4164 ruby: heap overflow in floating point parsing

Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to...

CVSS 6.8 | AI score 6.1 | EPSS 0.34968
Exploits 3 | References 1 | Affected Software 1
RubySec • added 2013/11/14 12:00 a.m. • 13 views

omniauth-facebook Gem for Ruby Insecure Access Token Handling Authentication Bypass

omniauth-facebook Gem for Ruby contains a flaw that is due to the application supporting passing the access token via the URL. This may allow a remote attacker to bypass authentication and authenticate as another user...

CVSS 7.5 | AI score 4.2 | EPSS 0.01753
Exploits 0 | References 1 | Affected Software 1
RubySec • added 2013/11/12 12:00 a.m. • 15 views

omniauth-facebook Gem for Ruby Unspecified CSRF

omniauth-facebook Gem for Ruby contains a flaw as HTTP requests do not require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. By tricking a user into following a specially crafted link, a context-dependent attacker can perform a Cross-Site...

CVSS 6.8 | AI score 7 | EPSS 0.01167
Exploits 1 | References 1 | Affected Software 1
RubySec • added 2013/11/04 12:00 a.m. • 20 views

GitLab Grit Gem for Ruby contains a flaw

GitLab Grit Gem for Ruby contains a flaw in the app/contexts/search_context.rb script. The issue is triggered when input passed via the code search box is not properly sanitized, which allows strings to be evaluated by the Bourne shell. This may allow a remote attacker to execute arbitrary command...

CVSS 6.5 | AI score 7.3 | EPSS 0.01411
Exploits 0 | References 1 | Affected Software 1
RubySec • added 2013/10/29 12:00 a.m. • 14 views

Sup did not sanitize the content-type of attachments

Sup MUA contains a flaw that is triggered when handling email attachment content. This may allow a context-dependent attacker to execute arbitrary commands...

CVSS 6.8 | AI score 7.4 | EPSS 0.03239
Exploits 1 | References 1 | Affected Software 1
RubySec • added 2013/10/29 12:00 a.m. • 18 views

Sup wrongly handled the filename of attachments

Sup MUA contains a flaw that is triggered when handling email attachment content. This may allow a context-dependent attacker to execute arbitrary commands...

CVSS 6.8 | AI score 7.4 | EPSS 0.02138
Exploits 1 | References 1 | Affected Software 1
RubySec • added 2013/10/22 12:00 a.m. • 28 views

Cocaine Gem for Ruby contains a flaw

Cocaine Gem for Ruby contains a flaw that is due to the method of variable interpolation used by the program. With a specially crafted object, a context-dependent attacker can execute arbitrary commands...

CVSS 6.8 | AI score 4.3 | EPSS 0.01453
Exploits 0 | References 1 | Affected Software 1
RubySec • added 2013/10/16 12:00 a.m. • 41 views

CVE-2013-4389 rubygem-actionmailer: email address processing DoS

Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message...

CVSS 4.3 | AI score 4.9 | EPSS 0.03135
Exploits 1 | References 1 | Affected Software 1
RubySec • added 2013/10/08 12:00 a.m. • 11 views

Wicked Gem for Ruby contains a flaw

Wicked Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input passed via the 'the_step' parameter upon submission to the render_redirect.rb script. This may allow a remote attacker to gain access to arbitrary files...

CVSS 5 | AI score 7.1 | EPSS 0.02934
Exploits 1 | References 1 | Affected Software 1
RubySec • added 2013/10/01 12:00 a.m. • 20 views

Vulnerability in aescrypt because IV is not randomized

The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack...

CVSS 7.5 | AI score 4.8 | EPSS 0.01148
Exploits 0 | References 1
RubySec • added 2013/09/24 12:00 a.m. • 36 views

CVE-2013-4363 rubygems: version regex algorithmic complexity vulnerability, incomplete CVE-2013-4287 fix

Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service C...

CVSS 4.3 | AI score 6 | EPSS 0.03316
Exploits 0 | References 1 | Affected Software 1
RubySec • added 2013/09/19 12:00 a.m. • 22 views

CVE-2013-6459 rubygem-will_paginate: XSS vulnerabilities

Cross-site scripting (XSS) vulnerability in the will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links. It was found that ruby will_paginate is vulnerable to an XSS via malformed input that cause paginatio...

CVSS 4.3 | AI score 7.4 | EPSS 0.02209
Exploits 1 | References 1 | Affected Software 1
RubySec • added 2013/09/09 12:00 a.m. • 28 views

CVE-2013-4287 rubygems: version regex algorithmic complexity vulnerability

Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service CPU...

CVSS 4.3 | AI score 5.9 | EPSS 0.03316
Exploits 0 | References 1 | Affected Software 1
RubySec • added 2013/09/03 12:00 a.m. • 17 views

fog-dragonfly Gem for Ruby imagemagickutils.rb Remote Command Execution

fog-dragonfly Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input passed via the imagemagickutils.rb script. This may allow a remote attacker to execute arbitrary commands...

CVSS 7.5 | AI score 7.5 | EPSS 0.02188
Exploits 2 | References 1 | Affected Software 1
RubySec • added 2013/09/03 12:00 a.m. • 15 views

fog-dragonfly Gem for Ruby imagemagickutils.rb Remote Command Execution

fog-dragonfly Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input passed via the imagemagickutils.rb script. This may allow a remote attacker to execute arbitrary commands. This gem has been renamed. Please use "dragonfly" from now on...

CVSS 7.5 | AI score 7.5 | EPSS 0.02188
Exploits 2 | References 1 | Affected Software 1
RubySec • added 2013/09/01 12:00 a.m. • 13 views

Features Gem for Ruby /tmp/out.html Local XSS

Features Gem for Ruby contains a flaw that allows a local cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain input upon submission to /tmp/out.html. This may allow an attacker to create a specially crafted request that would execute arbitrary scrip...

CVSS 5.4 | AI score 6.9 | EPSS 0.0081
Exploits 1 | References 1
RubySec • added 2013/08/14 12:00 a.m. • 19 views

Sounder Gem for Ruby File Name Handling Arbitrary Command Execution

Sounder Gem for Ruby contains a flaw that is triggered during the handling of file names. This may allow a context-dependent attacker to execute arbitrary commands...

CVSS 7.5 | AI score 3 | EPSS 0.01987
Exploits 1 | References 1 | Affected Software 1
RubySec • added 2013/08/02 12:00 a.m. • 18 views

rgpg Gem for Ruby lib/rgpg/gpg_helper.rb Remote Command Execution

rgpg Gem for Ruby contains a flaw in the GpgHelper module lib/rgpg/gpg_helper.rb. The issue is due to the program failing to properly sanitize user-supplied input before being used in the system function for execution. This may allow a remote attacker to execute arbitrary commands...

CVSS 7.5 | AI score 4.2 | EPSS 0.02075
Exploits 3 | References 1 | Affected Software 1
RubySec • added 2013/07/25 12:00 a.m. • 14 views

Ember.js Potential XSS Exploit When Binding `tagName` to User-Supplied Data

In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the tagName property of an Ember.View was inserted into such a string without being sanitized. This means that if an application assigns a view's tagName to...

CVSS 6.1 | AI score 0.7 | EPSS 0.00854
Exploits 0 | References 1 | Affected Software 1
RubySec • added 2013/07/09 12:00 a.m. • 15 views

CVE-2014-2538 rubygem rack-ssl: URL error display XSS

Cross-site scripting (XSS) vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web script or HTML via a URI, which might not be properly handled by third-party adapters such as JRuby-Rack...

CVSS 4.3 | AI score 5.5 | EPSS 0.0219
Exploits 1 | References 1 | Affected Software 1
RubySec • added 2013/06/27 12:00 a.m. • 45 views

CVE-2013-4073 ruby: hostname check bypassing vulnerability in SSL client

The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows...

CVSS 6.8 | AI score 8.5 | EPSS 0.02767
Exploits 0 | References 1 | Affected Software 1
RubySec • added 2013/06/10 12:00 a.m. • 20 views

CVE-2013-4136 rubygem-passenger: insecure temporary directory usage due to reuse of existing server instance directories

ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/...

CVSS 4.4 | AI score 6.7 | EPSS 0.00326
Exploits 0 | References 1 | Affected Software 1
RubySec • added 2013/05/29 12:00 a.m. • 40 views

CVE-2013-2119 rubygem-passenger: incorrect temporary file usage

Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem...

CVSS 4.6 | AI score 6.2 | EPSS 0.00397
Exploits 0 | References 1 | Affected Software 1
RubySec • added 2013/05/17 12:00 a.m. • 17 views

Show In Browser Gem for Ruby /tmp/browser.html Arbitrary Script Injection

Show In Browser Gem for Ruby contains a flaw that is triggered when the application does not validate input passed via the /tmp/browser.html file. This may allow a local attacker to create a specially crafted request that would execute arbitrary script code in a user's browser...

CVSS 3.3 | AI score 6.7 | EPSS 0.00391
Exploits 1 | References 1
RubySec • added 2013/05/14 12:00 a.m. • 21 views

Creme Fraiche Gem for Ruby File Name Shell Metacharacter Injection Arbitrary Command Execution

Creme Fraiche Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input in file names. With a specially crafted file name that contains shell metacharacters, a context-dependent attacker can execute arbitrary commands...

CVSS 9.3 | AI score 5.2 | EPSS 0.04247
Exploits 2 | References 1 | Affected Software 1
RubySec • added 2013/05/14 12:00 a.m. • 30 views

CVE-2013-2065 Ruby: Object taint bypassing in DL and Fiddle

(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions...

CVSS 6.4 | AI score 5.7 | EPSS 0.0251
Exploits 1 | References 1 | Affected Software 1
RubySec • added 2013/04/21 12:00 a.m. • 7 views

Data-type injection vulnerability

The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attack...

CVSS 6.4 | AI score 5.9 | EPSS 0.01962
Exploits 2 | References 1 | Affected Software 1
RubySec • added 2013/04/13 12:00 a.m. • 15 views

md2pdf Gem for Ruby md2pdf/converter.rb File Name Shell Metacharacter Injection Arbitrary Command Execution

md2pdf Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input passed to md2pdf/converter.rb. With a specially crafted file name that contains shell metacharacters, a context-dependent attacker can execute arbitrary commands...

CVSS 10 | AI score 6.8 | EPSS 0.02161
Exploits 3 | References 1
RubySec • added 2013/04/08 12:00 a.m. • 17 views

Karteek Docsplit Gem for Ruby text_extractor.rb File Name Shell Metacharacter Injection Arbitrary Command Execution

Karteek Docsplit Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input passed to text_extractor.rb. With a specially crafted file name that contains shell metacharacters, a context-dependent attacker can execute arbitrary commands...

CVSS 9.3 | AI score 7.4 | EPSS 0.01793
Exploits 3 | References 1
RubySec • added 2013/04/04 12:00 a.m. • 15 views

kelredd-pruview Gem for Ruby /lib/pruview/document.rb File Name Shell Metacharacter Injection Arbitrary Command Execution

kelredd-pruview Gem for Ruby contains a flaw in /lib/pruview/document.rb. The issue is triggered during the handling of a specially crafted file name that contains injected shell metacharacters. This may allow a context-dependent attacker to potentially execute arbitrary commands...

CVSS 9.3 | AI score 7.3 | EPSS 0.01605
Exploits 1 | References 1
RubySec • added 2013/04/01 12:00 a.m. • 21 views

ldoce Gem for Ruby MP3 URL Shell Metacharacter Injection Arbitrary Command Execution

ldoce Gem for Ruby contains a flaw that is triggered during the handling of a specially crafted URL or filename for MP3 files that has shell metacharacters injected into it. This may allow a context-dependent attacker to execute arbitrary commands...

CVSS 6.8 | AI score 7.1 | EPSS 0.01959
Exploits 1 | References 1
RubySec • added 2013/03/26 12:00 a.m. • 13 views

Thumbshooter Gem for Ruby thumbshooter.rb URL Shell Metacharacter Injection Arbitrary Command Execution

Thumbshooter Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input passed to thumbshooter.rb. With a specially crafted URL that contains shell metacharacters, a context-dependent attacker can execute arbitrary commands...

CVSS 7.5 | AI score 6.8 | EPSS 0.02108
Exploits 0 | References 1
RubySec • added 2013/03/19 12:00 a.m. • 34 views

CVE-2013-1857 rubygem-actionpack: sanitize_protocol: XSS Vulnerability in the helper of Ruby on Rails

The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote...

CVSS 4.3 | AI score 5 | EPSS 0.01853
Exploits 0 | References 1 | Affected Software 1
RubySec • added 2013/03/19 12:00 a.m. • 33 views

CVE-2013-1855 rubygem-actionpack: css_sanitization: XSS vulnerability in sanitize_css

The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to...

CVSS 4.3 | AI score 2.2 | EPSS 0.02618
Exploits 1 | References 1 | Affected Software 1
RubySec • added 2013/03/19 12:00 a.m. • 27 views

XML Parsing Vulnerability affecting JRuby users

The ActiveSupport XML parsing functionality supports multiple pluggable backends. One backend supported for JRuby users is ActiveSupport::XmlMini_JDOM which makes use of the javax.xml.parsers.DocumentBuilder class. In some JVM configurations the default settings of that class can allow an attacker...

CVSS 5.8 | AI score 4.2 | EPSS 0.02054
Exploits 1 | References 1 | Affected Software 1
RubySec • added 2013/03/19 12:00 a.m. • 35 views

CVE-2013-1854 rubygem-activerecord: attribute_dos Symbol DoS vulnerability

The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method. A flaw was found in the way...

CVSS 5 | AI score 2.5 | EPSS 0.03409
Exploits 0 | References 1 | Affected Software 1
RubySec • added 2013/03/18 12:00 a.m. • 17 views

command_wrap Gem for Ruby URI Handling Arbitrary Command Injection

command_wrap Gem for Ruby contains a flaw that is triggered during the handling of input passed via the URL that contains a semicolon character (;). This will allow a remote attacker to inject arbitrary commands and have them executed in the context of the user clicking it...

CVSS 7.5 | AI score 4.9 | EPSS 0.03633
Exploits 0 | References 1
RubySec • added 2013/03/13 12:00 a.m. • 18 views

fastreader Gem for Ruby URI Handling Arbitrary Command Injection

fastreader Gem for Ruby contains a flaw that is triggered during the handling of specially crafted input passed via a URL that contains a ';' character. This may allow a context-dependent attacker to potentially execute arbitrary commands...

CVSS 7.5 | AI score 4.7 | EPSS 0.02268
Exploits 1 | References 1
RubySec • added 2013/03/12 12:00 a.m. • 20 views

MiniMagick Gem for Ruby URI Handling Arbitrary Command Injection

MiniMagick Gem for Ruby contains a flaw that is triggered during the handling of specially crafted input from an untrusted source passed via a URL that contains a ';' character. This may allow a context-dependent attacker to potentially execute arbitrary commands...

CVSS 7.5 | AI score 4.5 | EPSS 0.03633
Exploits 0 | References 1 | Affected Software 1
RubySec • added 2013/03/12 12:00 a.m. • 14 views

CVE-2013-2617 rubygem-curl: insufficient URL escaping command injection

lib/curl.rb in the Curl Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL...

CVSS 7.5 | AI score 7.9 | EPSS 0.0442
Exploits 0 | References 1
RubySec • added 2013/03/04 12:00 a.m. • 22 views

flash_tool Gem for Ruby File Download Handling Arbitrary Command Execution

flash_tool Gem for Ruby contains a flaw that is triggered during the handling of downloaded files that contain shell characters. With a specially crafted file, a context-dependent attacker can execute arbitrary commands...

CVSS 9.8 | AI score 7.4 | EPSS 0.01685
Exploits 0 | References 1
RubySec • added 2013/02/28 12:00 a.m. • 22 views

fileutils Gem for Ruby file_utils.rb Crafted URL Handling Remote Command Execution

fileutils Gem for Ruby contains a flaw in file_utils.rb. The issue is triggered when handling a specially crafted URL containing a command after a delimiter (;). This may allow a remote attacker to potentially execute arbitrary commands...

CVSS 9.3 | AI score 7.4 | EPSS 0.03327
Exploits 1 | References 1 | Affected Software 1
RubySec • added 2013/02/28 12:00 a.m. • 12 views

ftpd Gem for Ruby Shell Character Handling Remote Command Injection

ftpd Gem for Ruby contains a flaw that is triggered when handling a specially crafted option or filename that contains a shell character. This may allow a remote attacker to inject arbitrary commands...

CVSS 10 | AI score 3.4 | EPSS 0.03544
Exploits 1 | References 1 | Affected Software 1
RubySec • added 2013/02/22 12:00 a.m. • 37 views

CVE-2013-1821 ruby: entity expansion DoS vulnerability in REXML

lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack...

CVSS 5 | AI score 5.6 | EPSS 0.06617
Exploits 0 | References 1 | Affected Software 1
Total number of security vulnerabilities: 1220