36 matches found

Tenable Nessus
added 2024/11/04 12:0 a.m. | 17 views

RHEL 6 / 7 : rh-ror41 (RHSA-2016:0456)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0456 advisory. The rh-ror41 collection provides Ruby on Rails version 4.1. Ruby on Rails is a model-view-controller (MVC) framework for web application...

CVSS 7.5 | AI score 7.1 | EPSS 0.81445
Exploits: 8 | References: 6

OpenVAS
added 2023/03/08 12:0 a.m. | 29 views

Debian: Security Advisory (DLA-604-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 6.8 | EPSS 0.95537
Exploits: 18 | References: 5

SUSE CVE
added 2023/02/15 5:6 a.m. | 4 views

SUSE CVE-2016-2098

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method...

CVSS 7.3 | AI score 7.9 | EPSS 0.81445
Exploits: 7 | References: 12

IBM Security Bulletins
added 2022/08/19 9:4 p.m. | 32 views

Security Bulletin: Vulnerabilities in Ruby on Rails affect IBM License Metric Tool v9 and IBM BigFix Inventory v9 (CVE-2016-2098 CVE-2016-2097)

Summary Vulnerabilities discovered in Ruby on Rails component affect IBM License Metric Tool v9 and IBM BigFix Inventory v9. Vulnerability Details CVEID: CVE-2016-2098 DESCRIPTION: Ruby on Rails could allow a remote attacker to execute arbitrary code on the system, caused by improper validation o...

CVSS 7.5 | AI score 6.8 | EPSS 0.81445
Exploits: 8 | Affected Software: 1

OpenVAS
added 2021/06/09 12:0 a.m. | 23 views

SUSE: Security Advisory (SUSE-SU-2016:1146-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 6.7 | EPSS 0.95537
Exploits: 19 | References: 4

OpenVAS
added 2016/10/14 12:0 a.m. | 52 views

Ruby on Rails Action Pack RCE Vulnerability (Feb 2016) - Windows

Ruby on Rails is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 7.5 | AI score 7.8 | EPSS 0.81445
Exploits: 7 | References: 3

OpenVAS
added 2016/10/14 12:0 a.m. | 45 views

Ruby on Rails Action Pack RCE Vulnerability (Feb 2016) - Linux

Ruby on Rails is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 7.5 | AI score 7.9 | EPSS 0.81445
Exploits: 7 | References: 3

Check Point Advisories
added 2016/07/19 12:0 a.m. | 8 views

Ruby on Rails Remote Code Execution (CVE-2016-2098)

A remote code execution vulnerability exists in Ruby on Rails. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 7.5 | AI score 5.3 | EPSS 0.81445
Exploits: 7

Exploit DB
added 2016/07/11 12:0 a.m. | 51 views

Ruby on Rails ActionPack Inline ERB - Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Ruby on Rails ActionPack Inline ERB Code Execution', 'Description' = %q This module exploits a remote code execution...

CVSS 7.5 | AI score 7 | EPSS 0.81445
Exploits: 7

Packet Storm
added 2016/07/09 12:0 a.m. | 140 views

Ruby On Rails ActionPack Inline ERB Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Ruby on Rails ActionPack Inline ERB Code Execution', 'Description' = %q This module exploits a remote code execution...

CVSS 7.5 | AI score 0.3 | EPSS 0.81445
Exploits: 7

Metasploit
added 2016/06/28 7:28 a.m. | 43 views

Ruby on Rails ActionPack Inline ERB Code Execution

This module exploits a remote code execution vulnerability in the inline request processor of the Ruby on Rails ActionPack component. This vulnerability allows an attacker to process ERB to the inline JSON processor, which is then rendered, permitting full RCE within the runtime, without logging ...

CVSS 7.3 | AI score 1 | EPSS 0.81445
Exploits: 7

OSV
added 2016/04/07 11:59 p.m. | 14 views

CVE-2016-2098

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method...

CVSS 7.3 | AI score 7.4
Exploits: 0 | References: 12

canvas
added 2016/04/07 11:59 p.m. | 558 views

Immunity Canvas: RAILS_ACTIONPACK_RENDER

Name| railsactionpackrender ---|--- CVE| CVE-2016-2098 Exploit Pack| CANVAS Description| railsactionpackrender Notes| CVE Name: CVE-2016-2098 VENDOR: http://rubyonrails.org Notes: This vulnerability affects ActionPack gem and it allows remote attackers to execute arbitrary Ruby Code due to the...

CVSS 7.5 | AI score 1.2 | EPSS 0.81445
Exploits: 7

UbuntuCve
added 2016/04/07 11:59 p.m. | 36 views

CVE-2016-2098

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method...

CVSS 7.5 | AI score 7.4 | EPSS 0.81445
Exploits: 7 | References: 1

CVE
added 2016/04/07 11:0 p.m. | 133 views

CVE-2016-2098

CVE-2016-2098 affects Ruby on Rails Action Pack render usage. Affected: ActionPack in Rails before 3.2.22.2, Rails 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2. Root cause: unrestricted/unsafe use of the render method allowing attacker-controlled arguments, enabling remote code execution of Ruby...

CVSS 7.5 | AI score 6.5 | EPSS 0.81445
Exploits: 7 | References: 12 | Affected Software: 1

Debian CVE
added 2016/04/07 11:0 p.m. | 23 views

CVE-2016-2098

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method...

CVSS 7.5 | AI score 7.6 | EPSS 0.81445
Exploits: 7

OSV
added 2016/03/23 2:29 p.m. | 9 views

SUSE-SU-2016:0867-1 Security update for rubygem-actionview-4_2

This update for rubygem-actionview-42 fixes the following issues: - CVE-2016-2098: rubygem-actionpack: Possible remote code execution vulnerability in Action Pack bsc968849...

CVSS 7.5 | AI score 7.3 | EPSS 0.81445
Exploits: 7 | References: 3

Tenable Nessus
added 2016/03/21 12:0 a.m. | 42 views

openSUSE Security Update : rubygem-actionpack-3_2 (openSUSE-2016-369)

This update for rubygem-actionpack-32 fixes the following issues : - CVE-2016-2097: rubygem-actionview: Possible Information Leak Vulnerability in Action View. boo968850 - CVE-2016-2098: rubygem-actionpack: Possible remote code execution vulnerability in Action Pack boo968849 %NASLMINLEVEL 70300 ...

CVSS 7.5 | AI score 6.5 | EPSS 0.81445
Exploits: 8 | References: 4

OpenVAS
added 2016/03/20 12:0 a.m. | 34 views

openSUSE: Security Advisory for rubygem-actionpack-3_2 (openSUSE-SU-2016:0835-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 6.3 | EPSS 0.81445
Exploits: 8 | References: 1

OPENSUSE Linux
added 2016/03/19 4:13 p.m. | 35 views

Security update for rubygem-actionpack-3_2 (important)

This update for rubygem-actionpack-32 fixes the following issues: - CVE-2016-2097: rubygem-actionview: Possible Information Leak Vulnerability in Action View. boo968850 - CVE-2016-2098: rubygem-actionpack: Possible remote code execution vulnerability in Action Pack boo968849...

CVSS 7.5 | AI score 4.6 | EPSS 0.81445
Exploits: 8 | References: 2