Lucene search
K

22 matches found

GithubExploit
GithubExploit
added 2021/09/06 12:28 p.m.19 views

Exploit for Command Injection in Rubyonrails Rails

CVE-2019-5420 A vulnerability can allow an attacker to guess t...

9.8CVSS8.8AI score0.92144EPSS
Exploits13
GithubExploit
GithubExploit
added 2021/05/11 11:32 a.m.150 views

Exploit for Command Injection in Rubyonrails Rails

CVE-2019-5420.rb POC Explo...

9.8CVSS7.8AI score0.92144EPSS
Exploits13
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.33 views

SUSE: Security Advisory (SUSE-SU-2020:3147-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.2AI score0.98507EPSS
Exploits40References10
GithubExploit
GithubExploit
added 2021/01/20 3:6 p.m.141 views

Exploit for Command Injection in Rubyonrails Rails

CVE-2019-5420 Ruby-on-Rails offers three different environmen...

9.8CVSS8.3AI score0.92144EPSS
Exploits13
Check Point Advisories
Check Point Advisories
added 2019/06/26 12:0 a.m.13 views

Ruby on Rails Active Storage Insecure Deserialization (CVE-2019-5420)

An insecure deserialization vulnerability exists in Ruby on Rails' ActiveStorage component. Successful exploitation of this vulnerability could allow a remote authenticated attacker with at least author-level privileges to execute arbitrary code on the affected system...

7.5CVSS5.7AI score0.92144EPSS
Exploits13
OpenVAS
OpenVAS
added 2019/06/17 12:0 a.m.101 views

Discourse < 2.3.0.beta5 Multiple Vulnerabilities

Discourse is prone to multiple vulnerabilities in Ruby on Rails. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

9.8CVSS7.5AI score0.98507EPSS
Exploits30References3
OpenVAS
OpenVAS
added 2019/05/10 12:0 a.m.77 views

Fedora Update for rubygem-actioncable FEDORA-2019-1cfe24db5c

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.3AI score0.98507EPSS
Exploits30References4
OpenVAS
OpenVAS
added 2019/05/10 12:0 a.m.91 views

Fedora Update for rubygem-activemodel FEDORA-2019-1cfe24db5c

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.3AI score0.98507EPSS
Exploits30References4
OpenVAS
OpenVAS
added 2019/05/10 12:0 a.m.96 views

Fedora Update for rubygem-rails FEDORA-2019-1cfe24db5c

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.3AI score0.98507EPSS
Exploits30References4
Tenable Nessus
Tenable Nessus
added 2019/05/10 12:0 a.m.41 views

Fedora 30 : 1:rubygem-actionmailer / 1:rubygem-actionpack / etc (2019-1cfe24db5c)

Update Ruby on Rails to 5.2.3. Fixes CVE-2019-5418 CVE-2019-5419 CVE-2019-5420. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...

9.8CVSS7.5AI score0.98507EPSS
Exploits30References4
0day.today
0day.today
added 2019/05/02 12:0 a.m.229 views

Ruby On Rails DoubleTap Development Mode secret_key_base Remote Code Execution Exploit

This Metasploit module exploits a vulnerability in Ruby on Rails. In development mode, a Rails application would use its name as the secretkeybase, and can be easily extracted by visiting an invalid resource for a path. As a result, this allows a remote user to create and deliver a signed...

9.8CVSS0.3AI score0.92144EPSS
Exploits13
Exploit DB
Exploit DB
added 2019/05/02 12:0 a.m.144 views

Ruby On Rails - DoubleTap Development Mode secret_key_base Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ruby On Rails DoubleTap Development Mode secretkeybase Vulnerability', 'Description' = %q This module exploits a vulnerability in Ruby on Rails. ...

9.8CVSS9.8AI score0.92144EPSS
Exploits13
Packet Storm
Packet Storm
added 2019/05/01 12:0 a.m.63 views

Ruby On Rails DoubleTap Development Mode secret_key_base Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ruby On Rails DoubleTap Development Mode secretkeybase Vulnerability', 'Description' = %q This module exploits a vulnerability in Ruby on Rails. ...

7.5CVSS9.6AI score0.92144EPSS
Exploits13
Metasploit
Metasploit
added 2019/04/25 7:30 p.m.40 views

Ruby On Rails DoubleTap Development Mode secret_key_base Vulnerability

This module exploits a vulnerability in Ruby on Rails. In development mode, a Rails application would use its name as the secretkeybase, and can be easily extracted by visiting an invalid resource for a path. As a result, this allows a remote user to create and deliver a signed serialized payload...

9.8CVSS9.4AI score0.92144EPSS
Exploits13
canvas
canvas
added 2019/03/27 2:29 p.m.80 views

Immunity Canvas: RAILS_ACTIVESTORAGE_RCE

Name| railsactivestoragerce ---|--- CVE| CVE-2019-5420 Exploit Pack| CANVAS Description| Ruby on Rails Arbitrary Deserialization RCE CVE-2019-5420 Notes| CVE Name: CVE-2019-5420 VENDOR: Rails NOTES: The vulnerability resides in the ActionStorage component of Ruby on Rails due to insufficient...

7.5CVSS0.5AI score0.98507EPSS
Exploits29
Cvelist
Cvelist
added 2019/03/27 1:48 p.m.35 views

CVE-2019-5420

A remote code execution vulnerability in development mode Rails 5.2.2.1, 6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit...

9.7AI score0.92144EPSS
Exploits13References5
CVE
CVE
added 2019/03/27 1:48 p.m.313 views

CVE-2019-5420

CVE-2019-5420 affects Ruby on Rails in development mode where the secret token used to secure sessions is guessable, enabling potential RCE via Rails internals. Connected exploits demonstrate deserialization/RCE vectors dependent on a guessed development secret base. Vulnerable condition: running...

9.8CVSS9.5AI score0.92144EPSS
Exploits13References5Affected Software1
Circl
Circl
added 2019/03/24 12:55 a.m.31 views

CVE-2019-5420

creationtimestamp| type| source ---|---|--- 2019-03-24 00:55:47+00:00| published-proof-of-concept| https://t.me/thebugbountyhunter/2446 2019-05-01 13:45:07+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/railsdoubletap.rb 2019-05-02...

9.8CVSS7.6AI score0.92144EPSS
Exploits13References4
GithubExploit
GithubExploit
added 2019/03/23 2:52 a.m.157 views

Exploit for Path Traversal in Rubyonrails Rails

Rails-doubletap-exploit RCE on Rails 5.2.2 using a path trave...

9.8CVSS7AI score0.98507EPSS
Exploits30
GithubExploit
GithubExploit
added 2019/03/21 3:42 p.m.46 views

Exploit for Command Injection in Rubyonrails Rails

CVE-2019-5420 CVE-2019-5420 Ruby on Rails For educational p...

9.8CVSS7.1AI score0.92144EPSS
Exploits13
Rows per page
Query Builder