Rubysec

Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at rubysec.com

Advisory Archive

| Date | Rubygem | Title | CVE |
| --- | --- | --- | --- |
| 2014-09-29 | web-console | Web Console Gem for Ruby contains an unspecified flaw | |
| 2014-09-25 | as | as Gem for Ruby Process List Local Plaintext Credentials Disclosure | |
| 2014-09-04 | flavour_saver | FlavourSaver handlebars helper remote code execution. | |
| 2014-08-25 | dragonfly | Dragonfly Gem for Ruby Image Uploading & Processing Remote Command Execution | |
| 2014-08-25 | fog-dragonfly | Dragonfly Gem for Ruby Image Uploading & Processing Remote Command Execution | |
| 2014-08-22 | fat_free_crm | Fat Free CRM Gem contains a javascript cross-site scripting (XSS) vulnerability | 2014-5441 |
| 2014-08-18 | activerecord | Data Injection Vulnerability in Active Record | 2014-3514 |
| 2014-08-13 | bundler | Bundler Gem for Ruby Multiple Top-level Source Lines Gemfile Handling Gem Installation Spoofing | 2013-0334 |
| 2014-07-09 | brbackup | brbackup Gem for Ruby Process List Local Plaintext Password Disclosure | 2014-5004 |
| 2014-07-09 | brbackup | brbackup Gem for Ruby dbuser Variable Shell Metacharacter Injection Remote Command Execution | |
| 2014-07-09 | brbackup | brbackup Gem for Ruby /lib/brbackup.rb name Parameter SQL Injection | |
| 2014-07-02 | activerecord | SQL Injection Vulnerability in Active Record | 2014-3482 |
| 2014-07-02 | activerecord | SQL Injection Vulnerability in Active Record | 2014-3483 |
| 2014-06-30 | backup_checksum | backup_checksum Gem for Ruby /lib/backup/cli/utility.rb Process List Local Plaintext Password Disclosure | 2014-4993 |
| 2014-06-30 | lingq | lingq Gem for Ruby client.rb Metacharacter Handling Remote Command Execution | |
| 2014-06-30 | kompanee-recipes | kompanee-recipes Gem for Ruby /lib/kompanee-recipes/heroku.rb Multiple Variable Handling Remote Command Execution Weakness | |
| 2014-06-30 | lean-ruport | lean-ruport Gem for Ruby /test/tc_database.rb Process Table Local Plaintext MySQL Password Disclosure | 2014-4998 |
| 2014-06-30 | karo | karo Gem for Ruby db.rb Metacharacter Handling Remote Command Execution | |
| 2014-06-30 | backup-agoddard | backup-agoddard Gem for Ruby /lib/backup/cli/utility.rb Process Table Local Plaintext Password Disclosure | 2014-4993 |
| 2014-06-30 | VladTheEnterprising | VladTheEnterprising Gem for Ruby /tmp/my.cnf.#{target_host} Symlink Multiple Impact | 2014-4996 |
| 2014-06-30 | kcapifony | kcapifony Gem for Ruby /lib/ksymfony1.rb Metacharacter Handling Remote Command Execution | |
| 2014-06-30 | cap-strap | cap-strap Gem for Ruby Process Table Local Plaintext Credential Disclosure | 2014-4992 |
| 2014-06-30 | lynx | lynx Gem for Ruby command/basic.rb Process Table Local Plaintext Password Disclosure | 2014-5002 |
| 2014-06-30 | cap-strap | cap-strap Gem for Ruby Hardcoded Password Crypt Hash Salt Weakness | |
| 2014-06-30 | lynx | lynx Gem for Ruby lib/lynx/pipe/run.rb Remote Command Execution | |
| 2014-06-30 | codders-dataset | codders-dataset Gem for Ruby /lib/dataset/database/mysql.rb Process Table Local Plaintext Credential Disclosure | 2014-4991 |
| 2014-06-30 | point-cli | point-cli Gem for Ruby /lib/commands/setup.rb Process Table Local Plaintext Credential Disclosure | 2014-4997 |
| 2014-06-30 | lawn-login | lawn-login Gem for Ruby /lib/lawn.rb Process Table Local Plaintext Password Disclosure | 2014-5000 |
| 2014-06-30 | VladTheEnterprising | VladTheEnterprising Gem for Ruby /tmp/my.cnf.#{target_host} Symlink Multiple Impact | 2014-4995 |
| 2014-06-30 | kajam | kajam Gem for Ruby /dataset/lib/dataset/database/postgresql.rb Metacharacter Handling Remote Command Execution | |