#ruby

Medical Hub Directory Site 1.0 Insecure Settings

Medical Hub Directory Site version 1.0 suffers from an ignored default credential vulnerability.

2 months ago

#sql #xss #csrf #vulnerability #web #ios #mac #windows #apple #google #ubuntu #linux #debian #cisco #java #php #perl #auth #ruby #firefox

Lodging Reservation Management System 1.0 Insecure Settings

Lodging Reservation Management System version 1.0 suffers from an ignored default credential vulnerability.

2 months ago

Packet Storm

Open in Source

#sql #xss #csrf #vulnerability #web #ios #mac #windows #apple #google #ubuntu #linux #debian #cisco #java #php #perl #auth #ruby #firefox

Human Resource Management System 2024 1.0 Cross Site Scripting

Human Resource Management System version 2024 version 1.0 suffers from a cross site scripting vulnerability.

2 months ago

Packet Storm

Open in Source

#sql #xss #csrf #vulnerability #web #ios #mac #windows #apple #google #ubuntu #linux #debian #cisco #java #php #perl #auth #ruby #firefox

GHSA-vmwr-mc7x-5vc3: REXML denial of service vulnerability

### Impact The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like `REXML::Document.new`, you may be impacted to this vulnerability. If you use other parser APIs such as stream parser API and SAX2 parser API, this vulnerability is not affected. ### Patches The REXML gem 3.3.6 or later include the patch to fix the vulnerability. ### Workarounds Don't parse untrusted XMLs with tree parser API.

3 months ago

ghsa

Open in Source

#vulnerability #web #dos #git #ruby

GHSA-2m96-52r3-2f3g: fugit parse and parse_nat stall on lengthy input

### Impact The fugit "natural" parser, that turns "every wednesday at 5pm" into "0 17 * * 3", accepted any length of input and went on attempting to parse it, not returning promptly, as expected. The parse call could hold the thread with no end in sight. Fugit dependents that do not check (user) input length for plausability are impacted. ### Patches Problem was reported in #104 and the fix was released in [fugit 1.11.1](https://rubygems.org/gems/fugit/versions/1.11.1) ### Workarounds By making sure that `Fugit.parse(s)`, `Fugit.do_parse(s)`, `Fugit.parse_nat(s)`, `Fugit.do_parse_nat(s)`, `Fugit::Nat.parse(s)`, and `Fugit::Nat.do_parse(s)` are not fed strings too long. 1000 chars feels ok, while 10_000 chars makes it stall. In fewer words, making sure those fugit methods are not fed unvetted input strings. ### References gh-104

3 months ago

ghsa

Open in Source

#git #ruby

Ubuntu Security Notice USN-6837-2

Ubuntu Security Notice 6837-2 - It was discovered that Rack incorrectly parsed certain media types. A remote attacker could possibly use this issue to cause Rack to consume resources, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that Rack incorrectly handled certain Range headers. A remote attacker could possibly use this issue to cause Rack to create large responses, leading to a denial of service.

3 months ago

Packet Storm

Open in Source

#vulnerability #web #ubuntu #dos #ruby

Jobs Finder System 1.0 SQL Injection

Jobs Finder System version 1.0 suffers from a remote SQL injection vulnerability.

3 months ago

Packet Storm

Open in Source