Posts Tagged ‘security update’

Developers have eliminated a dangerous vulnerability in Ruby on Rails that allows the execution of arbitrary code on the system.

The developers of the popular framework have released a security update that fixes a critical vulnerability in the processing of JSON data. The vulnerability allows an attacker to execute arbitrary code via a specially crafted HTTP POST request containing JSON code with embedded YAML.

The vulnerability affects Ruby on Rails versions 3.0.19 and 2.3.15. Earlier versions may also be affected.

Recall that a few weeks ago an exploit appeared online that uses a vulnerability in the XML handler of Ruby on Rails. This is therefore the second dangerous vulnerability in the framework in January of this year. Last year SecurityLab.ru released 5 security notifications for Ruby on Rails, describing 10 vulnerabilities. None of the vulnerabilities from 2012 had a high risk rating.

Vulnerabilities in Adobe ColdFusion

Adobe has released a security update for its ColdFusion scripting language.

According to the developers, at the time the updates were released the fixed vulnerabilities were being actively exploited by malicious software in versions 10, 9.0.2, 9.0.1 and 9 of the program for the Windows, Mac OS X and UNIX operating systems.

As a reminder, the company reported earlier that these flaws allow a remote attacker to bypass the authentication mechanism, gain access to protected directories, and take complete control of the system. All of the vulnerabilities fixed by Adobe are present in ColdFusion 9.x versions. Two of the flaws are also present in ColdFusion version 10.