128 matches found
Ruby on Rails JSON Processor Floating Point Heap Overflow DoS
When Ruby attempts to convert a string representation of a large floating point decimal number to its floating point equivalent, a heap-based buffer overflow can be triggered. This module has been tested successfully on a Ruby on Rails application using Ruby version 1.9.3-p448 with WebRick and Th...
Ruby on Rails JSON Processor YAML Deserialization Code Execution (CVE-2013-0333)
A code execution vulnerability has been reported in Ruby on Rails. The vulnerability is due to an input validation error when JSON Processor deserializes YAML. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary code within the context of the underlying web serve...
Ruby on Rails JSON Processor YAML Deserialization Scanner
This module attempts to identify Ruby on Rails instances vulnerable to an arbitrary object instantiation flaw in the JSON request processor. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ruby...
Fedora 17 : rubygem-activesupport-3.0.11-8.fc17 (2013-1710)
Fixes CVE-2013-0333. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...
Ruby on Rails JSON Processor YAML Deserialization Code Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
Ruby on Rails JSON Processor YAML Deserialization Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Ruby on Rails JSON Processor YAML...
Ruby on Rails JSON Processor YAML Deserialization Code Execution
Exploit for multiple platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core...
Ruby on Rails - JSON Processor YAML Deserialization Code Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Ruby on Rails JSON Processor YAML...