1230 matches found
WEBrick Denial of Service Vulnerability
httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service CPU consumption via a crafted HTTP request. NOTE: This issue exists because of an incomplete fix for CVE-2008-3656...
Spree Hash Restriction Weakness URL Parsing Order State Value Manipulation
Spree contains a hash restriction weakness that occurs when parsing a modified URL. This may allow an attacker to manipulate order state values...
CVE-2008-3790 ruby: DoS vulnerability in the REXML module
The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service CPU consumption via an XML document with recursively nested entities, aka an "XML entity explosion...
Ruby Memory allocation failure in Ruby regex engine (remotely exploitable DoS)
The regular expression engine regex.c in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service infinite loop and crash via multiple long requests to a Ruby socket, related to memory allocation failure...
Algorithmic complexity vulnerability in the WEBrick
Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.splitheadervalue function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of...
Spree Hardcoded config.action_controller_session Hash Value Cryptographic Protection Weakness
Spree contains a hardcoded flaw related to the config.actioncontrollersession hash value. This may allow an attacker to more easily bypass cryptographic protection...
Ruby missing "taintness" checks in dl module
The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen...
Ruby multiple insufficient safe mode restrictions
Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via 1 untracevar, 2...
More ruby integer overflows (rb_ary_fill / Array#fill)
Integer overflow in the rbaryfill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service crash or possibly have unspecified other impact via a call to the Arrayfill method with a start aka beg argument greater than ARYMAXSIZE. NOTE: this...
CVE-2008-2662 ruby: Integer overflows in rb_str_buf_append()
Multiple integer overflows in the rbstrbufappend function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that...
CVE-2008-2726 ruby: integer overflow in rb_ary_splice/update/replace() - beg + rlen
Integer overflow in the 1 rbarysplice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and 2 the rbaryreplace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg +...
CVE-2008-2725 ruby: integer overflow in rb_ary_splice/update/replace() - REALLOC_N
Integer overflow in the 1 rbarysplice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and 2 the rbaryreplace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the...
CVE-2008-2664 ruby: Unsafe use of alloca in rb_str_format()
The rbstrformat function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662,...
CVE-2008-2663 ruby: Integer overflows in rb_ary_store()
Multiple integer overflows in the rbarystore function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than...
ruby -- DNS spoofing vulnerability in resolv.rb
resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than...
ruby -- DNS spoofing vulnerability in resolv.rb
resolv.rb allow remote attackers to spoof DNS answers. This risk can be reduced by randomness of DNS transaction IDs and source ports, so resolv.rb is fixed to randomize them...
Directory traversal vulnerability in WEBrick
Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing 1 + plus, 2 %2b encode...
Directory traversal vulnerability in WEBrick
Directory traversal vulnerability in WEBrick when running on systems that support backslash path separators or case-insensitive file names, allows remote attackers to access arbitrary files via 1 "..%5c" encoded backslash sequences or 2 filenames that match patterns in the :NondisclosureName opti...
CVE-2007-6183 ruby-gnome2: format string vulnerability
Format string vulnerability in the mdiaginitialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 aka Ruby/Gnome2 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter...
Ruby Net::HTTPS library does not validate server certificate CN
The 1 Net::ftptls, 2 Net::telnets, 3 Net::imap, 4 Net::pop, and 5 Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName CN field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL...
Ruby Net::HTTPS library does not validate server certificate CN
The connect method in lib/net/http.rb in the 1 Net::HTTP and 2 Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName CN field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions v...
CVE-2007-0469 RubyGems: Specially-crafted Gem archive can overwrite system files
The extractfiles function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages...
Another DoS Vulnerability in CGI Library
The readmultipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service infinite loop via crafted HTTP requests, a different issue than CVE-2006-5467...
Denial of service vulnerabilities in the Ruby CGI
The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service infinite loop and CPU consumption via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and...
ruby1.8 vulnerability
Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass safe level checks via unspecified vectors involving 1 the alias function and 2 directory operations...
RWiki before 2.1.1 has cross-site scripting vulnerability
Cross-site scripting XSS vulnerability in Wiki content in RWiki 2.1.0pre1 through 2.1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors...
High severity vulnerability that affects rwiki
The editing form in RWiki 2.1.0pre1 through 2.1.0 allows remote attackers to execute arbitrary Ruby code via unknown attack vectors...
Ruby http/xmlrpc server DoS
The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service blocked connections via a large amount of data...
Security Bypass Vulnerability with Ruby
The Ruby language has a security mechanism security model that can restrict operations on untrusted objects. This security model is based on mechanisms called "object taint" and "safe level." A vulnerability has been confirmed that allows arbitrary script execution by bypassing the "safe level"...
Ruby XML-RPC Remote Arbitrary Command Execution
The XMLRPC server in utils.rb for the ruby library libruby 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands...