CVE-2017-17405 RCE in Ruby's FTP lib

The FTP library in Ruby did not validate remote filenames and passed them unchecked to the Kernel.open function. This created a remotely exploitable vulnerability. Since the filenames were supplied by the remote FTP server, it was possible to create a malicious server that could exploit this vulnerability when a vulnerable Ruby client connected and tried to download a file. ...

June 1, 2018 · 1 min · 133 words · Etienne Stalmans

Cross Posting - Other Blog Posts

Before creating this blog, I had the opportunity to create numerous posts under the SensePost blog. These cover a few topics including mobile apps, web apps and infrastructure. ...

February 17, 2018 · 3 min · 593 words · Etienne Stalmans