Lucene search
K

68 matches found

Tenable Nessus
Tenable Nessus
added 2018/12/06 12:0 a.m.81 views

RHEL 6 : Ruby on Rails (RHSA-2013:0153)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:0153 advisory. Ruby on Rails is a modelviewcontroller MVC framework for web application development. Action Pack implements the controller and the view components...

7.5CVSS9.4AI score0.99449EPSS
Exploits21References6
OSV
OSV
added 2017/10/24 6:33 p.m.54 views

GHSA-PCHC-949F-53M5 Improper Input Validation in multi_xml

multixml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption involvin...

7.5CVSS7.8AI score0.03655EPSS
Exploits0References7
OSV
OSV
added 2017/10/24 6:33 p.m.42 views

GHSA-9H36-4JF2-HX53 extlib does not properly restrict casts of string values

The extlib gem 0.9.15 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption by leveraging Action Pack support for 1 YAML typ...

7.5CVSS7.7AI score0.03415EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.63 views

Improper Input Validation in multi_xml

multixml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption involvin...

7.5CVSS5.8AI score0.03655EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.48 views

crack does not properly restrict casts of string values

The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption by leveraging Action Pack support for 1 YAML type...

7.5CVSS5.6AI score0.04952EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.39 views

extlib does not properly restrict casts of string values

The extlib gem 0.9.15 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption by leveraging Action Pack support for 1 YAML typ...

7.5CVSS5.9AI score0.03415EPSS
Exploits1References7Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.85 views

Ruby on Rails XML Processor YAML Deserialization Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

7.5CVSS0.1AI score0.99449EPSS
Exploits21
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.55 views

openSUSE Security Update : ruby (openSUSE-SU-2013:0278-1)

This update updates the RubyOnRails 2.3 stack to 2.3.16, also this update updates the RubyOnRails 3.2 stack to 3.2.11. Security and bugfixes were done, foremost: CVE-2013-0333: A JSON sql/code injection problem was fixed. CVE-2012-5664: A SQL Injection Vulnerability in Active Record was fixed...

7.5CVSS8.2AI score0.99449EPSS
Exploits28References15
Metasploit
Metasploit
added 2013/07/26 6:23 p.m.65 views

Ruby on Rails Known Secret Session Cookie Remote Code Execution

This module implements Remote Command Execution on Ruby on Rails applications. Prerequisite is knowledge of the "secrettoken" Rails 2/3 or "secretkeybase" Rails 4. The values for those can be usually found in the file "RAILSROOT/config/initializers/secrettoken.rb". The module achieves RCE by...

7.5CVSS0.99449EPSS
Exploits21
The Hacker News
The Hacker News
added 2013/05/31 3:53 a.m.44 views

Ruby on Rails exploit could hijack unpatched servers for botnet

Server Administrators are being urged to update their Ruby on Rails servers following the discovery of an active malware campaign targeting vulnerable versions of the web development framework. According to security researcher Jeff Jarmoc, Hackers are exploiting a known and patched vulnerability ...

7.5CVSS7.4AI score0.99449EPSS
Exploits21
The Hacker News
The Hacker News
added 2013/05/30 4:53 p.m.93 views

Ruby on Rails exploit could hijack unpatched servers for botnet

Server Administrators are being urged to update their Ruby on Rails servers following the discovery of an active malware campaign targeting vulnerable versions of the web development framework. According to security researcher Jeff Jarmoc, Hackers are exploiting a known and patched vulnerability ...

7.5CVSS2.8AI score0.99449EPSS
Exploits21
ThreatPost
ThreatPost
added 2013/05/28 6:56 p.m.77 views

Ruby on Rails Exploit Harvests IRC Botnet

Developers who have not updated their Ruby on Rails installations with a five-month-old security patch would do well to secure the Web development framework now. Exploit code has surfaced for CVE-2013-0156 that is being used to build a botnet of compromised servers. Exploit code has been publicly...

7.5CVSS0.5AI score0.99449EPSS
Exploits21References6
Prion
Prion
added 2013/04/25 11:55 p.m.28 views

Type confusion

multixml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption involvin...

7.5CVSS8AI score0.99449EPSS
Exploits21References5Affected Software2
Nmap
Nmap
added 2013/04/25 3:15 a.m.216 views

http-vuln-cve2013-0156 NSE Script

Detects Ruby on Rails servers vulnerable to object injection, remote command executions and denial of service attacks. CVE-2013-0156 All Ruby on Rails versions before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 are vulnerable. This script sends 3 harmless YAML payloa...

10CVSS0.3AI score0.99449EPSS
Exploits54
NVD
NVD
added 2013/04/09 8:55 p.m.32 views

CVE-2013-0285

The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before 1.0.3 for Ruby does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption involving...

7.5CVSS7.1AI score0.02312EPSS
Exploits0References2
Prion
Prion
added 2013/04/09 8:55 p.m.46 views

Type confusion

The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption by leveraging Action Pack support for YAML type...

7.5CVSS7.7AI score0.99449EPSS
Exploits22References4Affected Software1
Prion
Prion
added 2013/04/09 8:55 p.m.41 views

Design/Logic Flaw

The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before 1.0.3 for Ruby does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption involving...

7.5CVSS7.6AI score0.99449EPSS
Exploits21References2Affected Software1
Prion
Prion
added 2013/04/09 8:55 p.m.44 views

Type confusion

The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption by leveraging Action Pack support for 1 YAML type...

7.5CVSS7.7AI score0.99449EPSS
Exploits22References6Affected Software1
Prion
Prion
added 2013/04/09 8:55 p.m.29 views

Type confusion

The extlib gem 0.9.15 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption by leveraging Action Pack support for 1 YAML typ...

7.5CVSS7.7AI score0.99449EPSS
Exploits22References4Affected Software1
Cvelist
Cvelist
added 2013/04/09 8:0 p.m.39 views

CVE-2013-1800

The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption by leveraging Action Pack support for 1 YAML type...

7.2AI score0.04952EPSS
Exploits1References6
Rows per page
Query Builder