03 Feb '13, 7am

#Vulnerabilities Ruby on Rails JSON Processor YAML Deserialization Code Execution: #Hacking #Security

Cisco shows the global picture of information security Posted on 31 January 2013. | Cisco released findings from two global studies that provide a vivid picture of the rising security challenges that businesses, IT departments and individuals face. 1 Aerospace and defense firms targeted with clever spear phishing Posted on 31 January 2013. | Directors and other top management of companies in the aerospace industry and U.S. government and defense contractors have been targeted with a highly believable spear phishing campaign. 2 High-risk Broadcom UPnP stack remote root vulnerability Posted on 31 January 2013. | The remote preauth format string vulnerability in the Broadcom UPnP stack can be exploited to write arbitrary values to an arbitrary memory address, and also to remotely read router memory. 3 DDoS attack sizes plateau, complex multi-vector attacks on the rise Posted ...

Full article: http://www.net-security.org/vuln.php?id=16364

Tweets

[remote] - Ruby on Rails JSON Processor YAML De...

exploit-db.com 29 Jan '13, 3pm

## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Ple...

Ruby on Rails JSON Processor YAML Deserializati...

packetstormsecurity.com 29 Jan '13, 4pm

This Metasploit module exploits a remote code execution vulnerability in the JSON request processor of the Ruby on Rails a...

YAML's security woes are way bigger than Rails ...

yaml.org 02 Feb '13, 9pm

This document reflects the third version of YAML data serialization language. The content of the specification was arrived...

#Vulnerabilities Ruby on Rails XML Processor YA...

net-security.org 22 Jan '13, 6pm

active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and ...

Anatomy of an Exploit: An In-depth Look at the Rails YAML Vulnerability

rubysource.com 04 Feb '13, 2pm

Exploits happen, and this month the Rails and Ruby communities have seen no shortage. From a major exploit in Rails to a ...

Ruby off the Rails: What The Rails Security Iss...

metafilter.com 02 Feb '13, 1am

What The Rails Security Issue Means For Your Startup summarizes the impact of recent arbitrary-code-execution security vul...

Django: 16 vulnerabilities. DoS, XSS, CSRF. Rai...

cvedetails.com 30 Jan '13, 9pm

active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and ...

Verification report on the arbitrary code execution vulnerability caused by a flaw in Ruby on Rails JSON parameter parsing (CVE-2013-0333)

security.intellilink.co.jp 01 Feb '13, 5am

Vulnerability Note VU#628463: Ruby on Rails 3.0 and 2.3 JSON Parser vulnerability http://www.kb.cert.org/vuls/id/628463

Ruby on Rails receives the third security patch...

news.techworld.com 30 Jan '13, 9am

Developers of the Ruby on Rails web development framework have released versions 3.0.20 and 2.3.16 of the software in orde...

#toronto Ruby on rails receives the third secur...

news.techworld.com 30 Jan '13, 11am

Developers of the Ruby on Rails web development framework have released versions 3.0.20 and 2.3.16 of the software in orde...

Just released mail_room to make it easy to rece...

github.com 05 Feb '13, 2am

specs, this is just a (working) proof of concept √ finish code for POSTing to callback with auth √ accept mailbox configur...

Ruby on Rails receives the third security patch...

networkworld.com 30 Jan '13, 1pm

IDG News Service - Developers of the Ruby on Rails Web development framework released versions 3.0.20 and 2.3.16 of the so...

Ruby on Rails Patched Again - eSecurity Planet

esecurityplanet.com 31 Jan '13, 10pm

For the third time this month, the developers of Ruby on Rails have released an update to patch a serious vulnerability. "...

Ruby on Rails receives third security patch in ...

computerworld.com 30 Jan '13, 9am

IDG News Service - Developers of the Ruby on Rails Web development framework released versions 3.0.20 and 2.3.16 of the so...