09 Jan '13, 4pm

Exploit Code for Ruby on Rails Flaw Likely on the Horizon

The vulnerabilities patched Tuesday in the Ruby on Rails Web framework have security researchers warning of the potential for serious attacks and saying that one of the bugs in particular could be easy prey for attackers. The most serious of the flaws is in the parameter parsing function and could allow attackers to run arbitrary code in vulnerable apps. The team behind the Metasploit Framework is in the process of developing a module for that specific vulnerability, something that often presages the release of public exploit code for a bug. A couple of researchers have claimed publicly that they had developed proof-of-concept code that can exploit the XML parsing flaw on virtually any application built on Ruby on Rails 3.x or 2.x. HD Moore, the creator of Metasploit, said that the bug is a particularly nasty one. He said it "is more than likely the worst security issue th...

Full article: http://threatpost.com/en_us/blogs/exploit-code-ruby-rails...

Tweets

Exploit Code, Metasploit Module Out for Ruby on...

threatpost.com 10 Jan '13, 3pm

Just two days after the disclosure of a string of serious vulnerabilities in Ruby on Rails, researchers have released proo...

New flaw in Ruby on Rails:

infosecurity-magazine.com 09 Jan '13, 1pm

Earlier today the Internet Storm Center (ISC) reported, “A SQL Injection Flaw (CVE-2012-5664) was announced last week (Ja...

Ruby on Rails Releases 'Extremely Critical' Sec...

securityweek.com 09 Jan '13, 6pm

The latest versions, 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been updated with "two extremely critical security fixes" and...

Serious vulnerability in Ruby on Rails allowing...

reddit.com 08 Jan '13, 11pm

An attacker can execute any ruby code he wants including system("unix command"). This affects any rails version for the la...

Ruby On Rails SQL Injection Flaw Has Serious Re...

it.slashdot.org 09 Jan '13, 4pm

This one is quite a serious flaw, and the data this website in question deals with is very important data (citizen IDs), s...

Unsafe Query Generation Risk in Ruby on Rails (...

groups.google.com 08 Jan '13, 8pm

If you use Ruby on Rails, you NEED to read this...

news.ycombinator.com 10 Jan '13, 3am

(Bah, great point about passwords. I need to reform my ways.) To amplify and expand on Thomas here: when this was announced...

Are you running Rails? Have you upgraded? If not, stop, upgrade IMMEDIATELY.

techweekeurope.co.uk 09 Jan '13, 4pm

A significant flaw on the Ruby on Rails web development framework might have put thousands of websites at risk of being ha...

Ruby on Rails vulnerable to six year old flaw

zdnet.com 09 Jan '13, 1am

A critical vulnerability has been discovered in Ruby on Rails that affects almost every version of the framework. A contri...

Any Ruby on Rails app is, badly, utterly, pwned...

groups.google.com 09 Jan '13, 3am

Exploit for Ruby on Rails in circulation

heise.de 10 Jan '13, 3pm

The first exploits are circulating for the critical vulnerability in Ruby on Rails reported on Wednesday; there are also already the first...

Ruby on Rails patches more critical vulnerabili...

infoworld.com 09 Jan '13, 12pm

Those using the Ruby on Rails Web application framework on their websites are being advised to update the software immedia...

Ruby on Rails

insinuator.net 08 Jan '13, 9pm

As you might remember YAML formatted parameters are not enabled by default in Rails due to YAML (or more specifically the ...

Read @adamjodonnell's insights on the latest Ru...

blog.sourcefire.com 09 Jan '13, 8pm

A little under 24 hours ago two major, long-standing vulnerabilities were announced in the popular web programming framewo...

Ruby on Rails patches more critical vulnerabilities: Those using the Ruby on Rails web application framework on

news.hitb.org 09 Jan '13, 10am

Those using the Ruby on Rails web application framework on their websites are being advised to update the software immedia...