Search Results (Refine Search)
- Keyword (text search): Ruby
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2007-2666 |
Stack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla 1.73, as used by notepad++ 4.1.1 and earlier, allows user-assisted remote attackers to execute arbitrary code via certain Ruby (.rb) files with long lines. NOTE: this was originally reported as a vulnerability in notepad++. Published: May 14, 2007; 7:19:00 PM -0400 |
V3.x:(not available) V2.0: 7.6 HIGH |
CVE-2006-6979 |
The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters. Published: February 08, 2007; 1:28:00 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2007-0469 |
The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages. Published: January 23, 2007; 8:28:00 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2006-6852 |
Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.200 61127 allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validation by (1) conf.rhtml and (2) i.conf.rhtml. NOTE: some of these details are obtained from third party information. Published: December 31, 2006; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2006-6303 |
The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467. Published: December 06, 2006; 2:28:00 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2006-5467 |
The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and contains an inconsistent ID. Published: October 27, 2006; 2:07:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2006-4111 |
Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112. Published: August 14, 2006; 5:04:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2006-4112 |
Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 through 1.1.5 allows remote attackers to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of service (application hang) or "data loss," a different vulnerability than CVE-2006-4111. Published: August 14, 2006; 5:04:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2006-3694 |
Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations". Published: July 21, 2006; 10:03:00 AM -0400 |
V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-2006-2582 |
The editing form in RWiki 2.1.0pre1 through 2.1.0 allows remote attackers to execute arbitrary Ruby code via unknown attack vectors. Published: May 25, 2006; 6:02:00 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2006-1931 |
The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data. Published: April 20, 2006; 5:02:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2005-2337 |
Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin). Published: October 07, 2005; 7:02:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2005-1992 |
The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands. Published: June 20, 2005; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2004-0983 |
The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request. Published: March 01, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2004-0755 |
The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions. Published: October 20, 2004; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |