Debian Linux Security Advisory 2466-1 - Sergey Nartimov discovered that in Rails, a Ruby based framework for web development, when developers generate html options tags manually, user input concatenated with manually built tags may not be escaped and an attacker can inject arbitrary HTML into the document.
968466bb34000fb6311589de4907c7f7Secunia Security Advisory - Some vulnerabilities have been reported in the Mail gem for Ruby, which can be exploited by malicious people to manipulate certain data and compromise a vulnerable system.
d5ab534889819c8432511ec15c146684Secunia Security Advisory - Two vulnerabilities have been reported in the Zip/Ruby gem for Ruby, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
109e7c6569665fd49304e93615609bc2Secunia Security Advisory - Two vulnerabilities have been reported in Ruby on Rails, which can be exploited by malicious people to conduct cross-site scripting attacks.
3fe8e95347f131d8cb808023a5f26f5fSecunia Security Advisory - Ubuntu has issued an update for ruby. This fixes a security issue and multiple vulnerabilities, which can be exploited by malicious, local users to perform certain actions with escalated privileges and by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
7149f43a9c04dfc5a1ce1502418b3df2Mandriva Linux Security Advisory 2012-024 - Ruby before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service via crafted input to an application that maintains a hash table. The updated packages have been patched to correct this issue.
1d8d72261c80ebe8501cf18c76dafc78Ubuntu Security Notice 1377-1 - Drew Yao discovered that the WEBrick HTTP server was vulnerable to cross-site scripting attacks when displaying error pages. A remote attacker could use this flaw to run arbitrary web script. Drew Yao discovered that Ruby's BigDecimal module did not properly allocate memory on 64-bit platforms. An attacker could use this flaw to cause a denial of service or possibly execute arbitrary code with user privileges. Various other issues were also addressed.
96e246b81f447daeed7e88c291d1bc26Secunia Security Advisory - SUSE has issued an update for ruby. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
eb304d5d54bc33d9025bda57907b57c3The Whitewash module allows Ruby programs to clean up any HTML document or fragment coming from an untrusted source and to remove all dangerous constructs that could be used for cross-site scripting or request forgery. All HTML tags, attribute names and values, and CSS properties are filtered through a whitelist that defines which names and what kinds of values are allowed; everything that doesn't match the whitelist is removed. The whitelist is provided externally, and the default whitelist is loaded from the whitelist.yaml shipped with Whitewash. The default is the most strict (for example, it does not allow cross-site links to images in IMG tags) and can be considered safe for all uses.
c004def72787e8d8222d7b2e16706e97Secunia Security Advisory - Red Hat has issued an update for ruby. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
d39a8a0ace36eebb460f9e17b5bfbb32Secunia Security Advisory - Red Hat has issued an update for ruby. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
3773347780b8ad3347a441d8332ec7c5Red Hat Security Advisory 2012-0070-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A denial of service flaw was found in the implementation of associative arrays in Ruby. An attacker able to supply a large number of inputs to a Ruby application that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions.
d315ce01d286f71b01b0b81eb34f1950Red Hat Security Advisory 2012-0069-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A denial of service flaw was found in the implementation of associative arrays in Ruby. An attacker able to supply a large number of inputs to a Ruby application that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions.
ef371079c7969e4ffda3cb3dc3bff183Debian Linux Security Advisory 2301-2 - It was discovered that the last security update for Ruby on Rails, DSA-2301-1, introduced a regression in the libactionpack-ruby package.
86e712f2bcf807c2b53cb936f7fdbe7fSecunia Security Advisory - A vulnerability has been reported in Ruby, which can be exploited by malicious people to cause a DoS (Denial of Service).
ae4a837d56756e1c5a4d60000a8713a5Secunia Security Advisory - SUSE has issued an update for Ruby on Rails. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, manipulate certain data, and conduct HTTP response splitting, cross-site scripting, cross-site request forgery, and SQL injection attacks.
34fcb5157b091d6fa99cb9c77f69f993Red Hat Security Advisory 2011-1581-03 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. It was found that Ruby did not reinitialize the PRNG after forking a child process. This could eventually lead to the PRNG returning the same result twice. An attacker keeping track of the values returned by one child process could use this flaw to predict the values the PRNG would return in other child processes. A flaw was found in the Ruby SecureRandom module. When using the SecureRandom.random_bytes class, the PRNG state was not modified after forking a child process. This could eventually lead to SecureRandom.random_bytes returning the same string more than once. An attacker keeping track of the strings returned by one child process could use this flaw to predict the strings SecureRandom.random_bytes would return in other child processes.
0ae37fa667a635323e4b590490b5c715Secunia Security Advisory - A vulnerability has been reported in Ruby on Rails, which can be exploited by malicious people to conduct cross-site scripting attacks.
7614764a67960a53714173e1e5d4f1b0This Metasploit module exploits an arbitrary command execution vulnerability in the Spreecommerce search. Unvalidated input is called via the Ruby send method allowing command execution.
c5507048e088c83936d0f914767dec99VUPEN Vulnerability Research Team discovered a vulnerability in Google Chrome. The vulnerability is caused by a stale pointer in the WebKit engine when deleting a Ruby tag and its children in a specific order, which could be exploited by remote attackers to compromise a vulnerable system via a specially crafted web page.
1e3c4201232a9f132b241db1bd1c8c53Debian Linux Security Advisory 2301-1 - Several vulnerabilities have been discovered in Rails, the Ruby web application framework.
f8523f31b02748f8ccdff1771a9e514eBadAss is a Ruby script that provides an easy to use interface to tools like nmap, nikto, sqlmap, and may more.
38f13c27a27d645415aafa2e425ea861BadAss is a Ruby script that provides an easy to use interface to tools like nmap, nikto, sqlmap, and may more.
fc2cc07e6be2c452bd60d7d9af964a46Secunia Security Advisory - Some vulnerabilities have been reported in Ruby on Rails, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and HTTP response splitting attacks, and conduct SQL injection attacks.
65f8b4400d2d3f16a5226536270303c6The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
9b4426a919491d897dc38bd96e6c5ef1
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed