1230 matches found
CVE-2012-2125 CVE-2012-2126 rubygems: Two security fixes in v1.8.23
RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack...
Ruby on Rails omniauth-oauth2 Gem CSRF vulnerability
The omniauth-oauth2 Ruby Gem contains a flaw that allows an attacker to inject values into a user's session through a CSRF attack...
CVE-2012-3464 rubygem-actionpack: potential XSS vulnerability
Cross-site scripting XSS vulnerability in activesupport/lib/activesupport/coreext/string/outputsafety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' quote character...
CVE-2012-3465 rubygem-actionpack: XSS Vulnerability in strip_tags
Cross-site scripting XSS vulnerability in actionpack/lib/actionview/helpers/sanitizehelper.rb in the striptags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup...
CVE-2012-3463 rubygem-actionpack: potential XSS vulnerability in select_tag prompt
Cross-site scripting XSS vulnerability in actionpack/lib/actionview/helpers/formtaghelper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the prompt field to the selecttag helper...
Chef Improper Access Control Vulnerability
chef-server-api/app/controllers/users.rb in the API in Chef before 0.9.0 does not require administrative privileges for the create, destroy, and update methods, which allows remote authenticated users to manage user accounts via requests to the /users URI...
CVE-2012-3424 rubygem-actionpack: DoS vulnerability in authenticate_or_request_with_http_digest
The decodecredentials method in actionpack/lib/actioncontroller/metal/httpauthentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging...
CVE-2012-6685 rubygem-nokogiri: XML eXternal Entity (XXE) flaw
Nokogiri before 1.5.4 is vulnerable to XXE attacks...
rack-cache Rubygem Sensitive HTTP Header Caching Weakness
Rack::Cache rack-cache contains a flaw related to the rubygem caching sensitive HTTP headers. This will result in a weakness that may make it easier for an attacker to gain access to a user's session via a specially crafted header...
CVE-2012-2661 rubygem-activerecord: SQL injection when processing nested query paramaters
The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query...
CVE-2012-2660 rubygem-actionpack: Unsafe query generation
actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...
Puppet Privilege Escallation
The changeuser method in the SUIDManager lib/puppet/util/suidmanager.rb in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors...
Puppet uses predictable filenames, allowing arbitrary file overwrite
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages...
CVE-2012-6109 rubygem-rack: parsing Content-Disposition header DoS
lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service infinite loop via a crafted Content-Disposion header...
CVE-2012-2125 CVE-2012-2126 rubygems: Two security fixes in v1.8.23
RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack...
CVE-2012-2140 rubygem-mail: arbitrary command execution when using exim or sendmail from commandline
The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a 1 sendmail or 2 exim delivery...
CVE-2012-2139 rubygem-mail: directory traversal
Directory traversal vulnerability in lib/mail/network/deliverymethods/filedelivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. dot dot in the to parameter...
CVE-2012-1099 rubygem-actionpack: XSS in the "select" helper
Cross-site scripting XSS vulnerability in actionpack/lib/actionview/helpers/formoptionshelper.rb in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain...
CVE-2012-1098 rubygem-activesupport: XSS in SafeBuffer#[] (unescaped safe buffers can be marked as safe)
Cross-site scripting XSS vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods...
CVE-2012-6684 rubygem-RedCloth: XSS vulnerability
Cross-site scripting XSS vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI...
Phusion Passenger Gem for Ruby Arbitrary File Deletion
Phusion Passenger Gem for Ruby contains a flaw that is triggered during application startup. This issue may allow a local attacker to delete arbitrary files via an application process. If the program has completed the start up process this vulnerability is no longer exploitable...
CVE-2011-4815 ruby: hash table collisions CPU usage DoS (oCERT-2011-003)
Ruby aka CRuby before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted input to an application that maintains a hash table...
CVE-2011-5036 rubygem-rack: hash table collisions DoS (oCERT-2011-003)
Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted parameters...
CVE-2011-4838 jruby: hash table collisions DoS (oCERT-2011-003)
JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted input to an application that maintains a hash table...
Puppet uses predictable filenames, allowing arbitrary file overwrite
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files...
Puppet allows local users to modify the permissions of arbitrary files
Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorizedkeys file...
Remote Command Execution in Spree search functionality
Spree versions prior to 0.60.2 contain a remote command execution vulnerability in the search functionality. The application fails to properly sanitize input passed via the search:send parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute arbitrary she...
jQuery vulnerable to Cross-Site Scripting (XSS)
Cross-site scripting XSS vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag...
CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...
Response Splitting Vulnerability in Ruby on Rails
A response splitting flaw in Ruby on Rails 2.3.x was reported that could allow a remote attacker to inject arbitrary HTTP headers into a response due to insufficient sanitization of the values provided for response content types...
Ruby Random Number Generation Local Denial Of Service Vulnerability
The SecureRandom.randombytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an...
Ruby Properly initialize the random number generator when forking new process
Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900...
Ruby Random Number Generation Local Denial Of Service Vulnerability
Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issu...
rubygem-sqlite3 gem uses weak file permissions
The sqlite3-ruby gem in the rubygem-sqlite3 package before 1.2.4-0.5.1 in SUSE Linux Enterprise SLE 11 SP1 uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors...
Ruby memory corruption in BigDecimal on 64bit platforms
The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service applicati...
CVE-2011-1004 Ruby: Symlink race condition by removing directory trees in fileutils module
The FileUtils.removeentrysecure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink attack...
CVE-2011-1005 Ruby: Untrusted codes able to modify arbitrary strings
The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exceptiontos method, as demonstrated by changing an intended pathname...
Remote Command Execution in Spree search functionality
Spree versions prior to 0.60.2 contain a remote command execution vulnerability in the search functionality. The application fails to properly sanitize input passed via the search:send parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute arbitrary she...
Mail Gem for Ruby lib/mail/network/delivery_methods/sendmail.rb Email From: Address Arbitrary Shell Command Injection
Mail Gem for Ruby contains a flaw related to the failure to properly sanitise input passed from an email from address in the 'deliver' function in 'lib/mail/network/deliverymethods/sendmail.rb' before being used as a command line argument. This may allow a remote attacker to inject arbitrary shel...
Spree Multiple Script JSON Request Validation Weakness Remote Information Disclosure
Spree contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the application exchanges data using the JSON service without validating requests, which will disclose sensitive user and order information to a context-dependent attacker when a logged-in...
Ruby on Windows ARGF.inplace_mode Variable Local Overflow
Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow local users to gain privileges via a crafted ARGF.inplacemode value that is not properly handled when constructing the filenames of the backup files...
CVE-2010-0541 Ruby WEBrick javascript injection flaw
Cross-site scripting XSS vulnerability in the WEBrick HTTP server in Ruby in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote attackers to inject arbitrary web script or HTML via a crafted URI that triggers a UTF-7 error page...
CVE-2010-1330 jruby: XSS in the regular expression engine when processing invalid UTF-8 byte sequences
The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting XSS attacks via a crafted string...
CVE-2009-4492 ruby WEBrick log escape sequence
WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrar...
CVE-2009-4124 ruby: Heap-based buffer overflow in the rb_str_justify() function
Heap-based buffer overflow in the rbstrjustify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving 1 Stringljust, 2 Stringcenter, or 3 Stringrjust. NOTE: some of these details are obtained from third...
jruby-openssl Gem for JRuby fails to do proper certificate validation
A security problem involving peer certificate verification was found where failed verification silently did nothing, making affected applications vulnerable to attackers. Attackers could lead a client application to believe that a secure connection to a rogue SSL server is legitimate. Attackers...
High Security Vulnerability with authenticate_with_http_digest of Rails
The example code for the digest authentication functionality httpauthentication.rb in Ruby on Rails before 2.3.3 defines an authenticateorrequestwithhttpdigest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication f...
CVE-2009-1904 ruby: DoS vulnerability in BigDecimal
The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service application crash via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type...
Ruby DL::dlopen could open a library with tainted library name even if $SAFE > 0
DL::dlopen could open a library with tainted library name even if $SAFE 0...
Ruby 'OCSP_basic_verify()' X.509 Certificate Verification Vulnerability
ext/openssl/osslocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSPbasicverify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate...