-
Ubuntu Security Notice USN-7091-1
Ruby Files ≈ Packet Storm Nov 5, 2024 | 15:22 pm
Ubuntu Security Notice 7091-1 - It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value using REXML gem. An attacker could use this issue to cause Ruby to crash,[…]
-
Ruby-SAML / GitLab Authentication Bypass
Ruby Files ≈ Packet Storm Oct 7, 2024 | 14:14 pm
This script exploits the issue noted in CVE-2024-45409 that allows an unauthenticated attacker with access to any signed SAML document issued by the IDP to forge a SAML Response/Assertion and gain access as any user on GitLab. Ruby-SAML versions below[…]
-
Debian Security Advisory 5774-1
Ruby Files ≈ Packet Storm Sep 23, 2024 | 14:43 pm
Debian Linux Security Advisory 5774-1 - It was discovered that ruby-saml, a SAML library implementing the client side of a SAML authorization, does not properly verify the signature of the SAML Response, which could result in bypass of authentication in[…]
-
Red Hat Security Advisory 2024-6784-03
Ruby Files ≈ Packet Storm Sep 19, 2024 | 13:39 pm
Red Hat Security Advisory 2024-6784-03 - An update for the ruby:3.3 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
-
Red Hat Security Advisory 2024-6785-03
Ruby Files ≈ Packet Storm Sep 19, 2024 | 13:39 pm
Red Hat Security Advisory 2024-6785-03 - An update for the ruby:3.3 module is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
-
Ruby On Rails JSON Processor YAML Deserialization Scanner
Ruby Files ≈ Packet Storm Sep 1, 2024 | 17:10 pm
This Metasploit module attempts to identify Ruby on Rails instances vulnerable to an arbitrary object instantiation flaw in the JSON request processor.
-
Ruby On Rails XML Processor YAML Deserialization Scanner
Ruby Files ≈ Packet Storm Sep 1, 2024 | 16:04 pm
This Metasploit module attempts to identify Ruby on Rails instances vulnerable to an arbitrary object instantiation flaw in the XML request processor.
-
Ruby On Rails Devise Authentication Password Reset
Ruby Files ≈ Packet Storm Aug 31, 2024 | 21:43 pm
The Devise authentication gem for Ruby on Rails is vulnerable to a password reset exploit leveraging type confusion. By submitting XML to Rails, we can influence the type used for the reset_password_token parameter. This allows for resetting passwords of arbitrary[…]
-
Apple TV Video Remote Control
Ruby Files ≈ Packet Storm Aug 31, 2024 | 21:27 pm
This Metasploit module plays a video on an AppleTV device. Note that AppleTV can be somewhat picky about the server that hosts the video. Tested servers include default IIS, default Apache, and Ruby's WEBrick. For WEBrick, the default MIME list[…]
-
Ruby On Rails File Content Disclosure
Ruby Files ≈ Packet Storm Aug 31, 2024 | 19:37 pm
This Metasploit module uses a path traversal vulnerability in Ruby on Rails versions 5.2.2 and below to read files on a target server.