
7 matches found

GithubExploit
added 2026/01/09 4:49 p.m. | 216 views

Exploit for Improper Access Control in Rubyonrails Web_Console

CVE-2015-3...

CVSS 4.3 | AI score 7.1 | EPSS 0.44984
Exploits: 6

Metasploit
added 2016/05/02 7:31 a.m. | 32 views

Ruby on Rails Web Console (v2) Whitelist Bypass Code Execution

This module exploits an IP whitelist bypass vulnerability in the developer web console included with Ruby on Rails 4.0.x and 4.1.x. This module will also achieve code execution on Rails 4.2.x if the attack is launched from a whitelisted IP range. This module requires Metasploit:...

CVSS 4.3 | AI score 7.6 | EPSS 0.44984
Exploits: 6

seebug.org
added 2016/01/27 12:0 a.m. | 40 views

Ruby on Rails Web Console IP Whitelist Security Mode Bypass

IP whitelist bypass in Web Console. There is a remote code execution vulnerability in Web Console. This vulnerability has been assigned the CVE identifier CVE-2015-3224. Versions Affected: All. Not affected: Environments inaccessible from remote IPs, or without Web Console enabled. Fixed Versions:...

CVSS 4.3 | AI score 7.1 | EPSS 0.44984
Exploits: 6

NVD
added 2015/07/26 10:59 p.m. | 24 views

CVE-2015-3224

request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request...

CVSS 4.3 | AI score 6.4 | EPSS 0.44984
Exploits: 6 | References: 5

CVE
added 2015/07/26 10:0 p.m. | 135 views

CVE-2015-3224

CVE-2015-3224 affects Ruby on Rails Web Console (Web Console) prior to 2.1.3 when used with Rails 3.x/4.x. The root cause is improper restriction of X-Forwarded-For headers, allowing remote bypass of the whitelisted_ips protection via a crafted request. Exploitation is demonstrated in public advi...

CVSS 4.3 | AI score 6.4 | EPSS 0.44984
Exploits: 6 | References: 5 | Affected Software: 1

Cvelist
added 2015/07/26 10:0 p.m. | 42 views

CVE-2015-3224

request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request...

AI score 6.2 | EPSS 0.44984
Exploits: 6 | References: 5

Tenable Nessus
added 2015/06/18 12:0 a.m. | 72 views

FreeBSD : rubygem-rails -- multiple vulnerabilities (eb8a8978-8dd5-49ce-87f4-49667b2166dd)

Ruby on Rails blog: Rails 3.2.22, 4.1.11 and 4.2.2 have been released, along with web console and jquery-rails plugins and Rack 1.5.4 and 1.6.2. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML...

CVSS 5 | AI score 6.1 | EPSS 0.44984
Exploits: 7 | References: 7