[CLOSE] OSVDB ID : 84248 - Disclosed: 2012-07-25

Description:

The RTFM Extension for RT contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input passed via the topic administration page before returning it to the user. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 83983 - Disclosed: 2012-07-09

Description:

RTG and RTG2 contain a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 95.php script not properly sanitizing user-supplied input before using it in SQL queries. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 83982 - Disclosed: 2012-07-09

Description:

RTG and RTG2 contain a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the rtg.php script not properly sanitizing user-supplied input before using it in SQL queries. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 83981 - Disclosed: 2012-07-09

Description:

RTG and RTG2 contain a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the view.php script not properly sanitizing user-supplied input before using it in SQL queries. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 75789 - Disclosed: 2011-09-28

Description:

RTG Files Extension for TYPO3 contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to certain unspecified input not being properly sanitized before use in SQL queries. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 47567 - Disclosed: 2008-08-08

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 47568 - Disclosed: 2008-08-08

Description:

RTH contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'login.php' script not properly sanitizing user-supplied input to the 'uname' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 20327 - Disclosed: 2005-10-14

Description:

WebAdmin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login script not properly sanitizing user-supplied input to the 'username' and 'password' variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 40616 - Disclosed: 2008-01-16

Description:

(Description Provided by CVE) : Stack-based buffer overflow in the PTZCamPanelCtrl ActiveX control (CamPanel.dll) in RTS Sentry 2.1.0.2 allows remote attackers to execute arbitrary code via a long second argument to the ConnectServer method.

[CLOSE] OSVDB ID : 69959 - Disclosed: 2010-12-20

Description:

RTShop contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'productDetail.asp' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 42378 - Disclosed: 2008-02-26

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 40892 - Disclosed: 2008-01-17

Description:

(Description Provided by CVE) : Buffer overflow in the Digital Data Communications RtspVaPgCtrl ActiveX control (RtspVapgDecoder.dll 1.1.0.29) allows remote attackers to execute arbitrary code via a long MP4Prefix property.

[CLOSE] OSVDB ID : 90548 - Disclosed: 2013-02-21

Description:

RTTucson Quotations Database contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /quotations/admin/include/login.php script not properly sanitizing user-supplied input to the 'Username' field. This may allow an attacker to manipulate an SQL query that will result in bypassing authentication. Once authenticated, the attacker will have access to the application with the same privileges as the ADMIN | USER account used during the authentication bypass.

[CLOSE] OSVDB ID : 90499 - Disclosed: 2013-02-19

Description:

RTTucson Quotations Database contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the author.php script not properly sanitizing user-supplied input to the 'ID' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 90498 - Disclosed: 2013-02-19

Description:

RTTucson Quotations Database contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the category_quotes.php script not properly sanitizing user-supplied input to the 'ID' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 90500 - Disclosed: 2013-02-19

Description:

RTTucson Quotations Database contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'keywords' parameter upon submission to the quote_search.php script. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 54367 - Disclosed: 2009-05-08

Description:

RTWebalbum contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'AlbumId' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 78119 - Disclosed: 2011-12-28

Description:

Rubinius contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends multiple crafted parameters which trigger hash collisions, and will result in loss of availability for the program via CPU consumption.

[CLOSE] OSVDB ID : 87861 - Disclosed: 2012-11-23

Description:

Rubinius contains a flaw related to the MurmurHash3 implementation that may allow a remote denial of service. The issue is triggered when hash values are computed without having the ability to cause hash collisions restricted. When sending specially crafted input to an application maintaining a hash table, a context-dependent attacker can cause a consumption of CPU resources. This will result in a loss of availability for the program.

[CLOSE] OSVDB ID : 62600 - Disclosed: 2009-09-19

Description:

rubrique contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'rubrique.php' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 27144 - Disclosed: 2006-07-11

Description:

Ruby contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to an unspecified error in the handling of the "alias" functionality. No further details have been provided.

[CLOSE] OSVDB ID : 55031 - Disclosed: 2009-06-10

Description:

(Description Provided by CVE) : The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type.

[CLOSE] OSVDB ID : 8845 - Disclosed: 2004-08-16

Description:

Ruby contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered because the cgi::session's filestore stores session information in temporary files created without any regard to permissions. Permissions are set only using the umask value, which may disclose the CGI session variable data resulting in a loss of confidentiality

[CLOSE] OSVDB ID : 34237 - Disclosed: 2006-10-25

Description:

(Description Provided by CVE) : The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and contains an inconsistent ID.

[CLOSE] OSVDB ID : 11534 - Disclosed: 2004-11-08

Description:

(Description Provided by CVE) : The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.

[CLOSE] OSVDB ID : 34238 - Disclosed: 2006-12-04

Description:

(Description Provided by CVE) : The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467.

[CLOSE] OSVDB ID : 27145 - Disclosed: 2006-07-11

Description:

Ruby contains a flaw that may allow a malicious user to bypass Safe Level restrictions. The issue is triggered when improper validation of the 'alias' function occurs. It is possible that the flaw may allow malicious code execution resulting in a loss of confidentiality, integrity.

[CLOSE] OSVDB ID : 47472 - Disclosed: 2008-08-08

Description:

(Description Provided by CVE) : The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen.

[CLOSE] OSVDB ID : 19610 - Disclosed: 2005-09-22

Description:

(Description Provided by CVE) : Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin).

[CLOSE] OSVDB ID : 70957 - Disclosed: 2011-02-18

Description:

Ruby contains a flaw related to the safe-level feature. The issue is triggered when a context-dependent attacker exploits a flaw within the exception '#to_s' handling. This may allow an attacker to bypass safe-level protection and modify strings via the 'Exception#to_s' method.