Ruby on Rails JSON Processor YAML Deserialization Code Execution
03 February 2013
A remote exploitation of an input validation error vulnerability in versions prior to 3.0.20, 2.3.16 of Ruby on Rails. The vulnerable application fails to validate specially crafted JSON requests that are processed by the YAML parser. This vulnerability is very similar to CVE-2013-0156.
CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Posted on 22 December 2014. | Tens of millions of dollars, credit cards and intellectual property stolen by a new group of cyber criminals. This group has been involved in targeted attacks and espionage since 2013.
Posted on 19 December 2014. | A new variant of the infamous Zeus banking and information-stealing Trojan has been created to target the users of over 150 different banks and 20 payment systems in 15 countries, including the UK, the US, Russia, Spain and Japan.
Posted on 19 December 2014. | Security researcher Samy Kamkar has devised a fast and easy way to compromise an unlocked computer and open a backdoor on it: a simple and cheap ($20) pre-programmed Teensy microcontroller.
Posted on 17 December 2014. | How to deal with untrustworthy third-party add-ons that could endanger your own users? Prevent them from loading - if you can. That's what Google recently did with Gmail extensions that load code that interferes with the users' Gmail session or malware that can compromise their emailís security.