Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:7 a.m.9 views

CVE-2023-6019

A flaw was found in ray. The cpuprofile URL parameter allows for command injection, enabling a remote, unauthenticated attacker to execute arbitrary operating system commands on the system hosting the Ray dashboard. This exploitation occurs directly through a crafted URL. Successful command...

9.8CVSS8AI score0.7463EPSS
Exploits15References3
Metasploit
Metasploit
added 2024/08/23 6:52 p.m.344 views

Ray cpu_profile command injection

Ray RCE via cpuprofile command injection vulnerability. Module Options msf use exploit/linux/http/raycpuprofilecmdinjectioncve20236019 msf exploitraycpuprofilecmdinjectioncve20236019 show targets ...targets... msf exploitraycpuprofilecmdinjectioncve20236019 set TARGET msf...

9.8CVSS7.9AI score0.7463EPSS
Exploits15
Packet Storm
Packet Storm
added 2024/08/23 12:0 a.m.295 views

Ray cpu_profile Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ray cpuprofile command injection', 'Description' = %q Ray RCE via cpuprofile command injection vulnerability. , 'Author' = 'sierrabearchell',...

9.8CVSS7AI score0.7463EPSS
Exploits15
GithubExploit
GithubExploit
added 2024/04/21 2:30 p.m.310 views

Exploit for OS Command Injection in Ray_Project Ray

Python POC Derived from...

9.8CVSS7.7AI score0.7463EPSS
Exploits15
Packet Storm
Packet Storm
added 2024/04/12 12:0 a.m.321 views

Ray OS 2.6.3 Command Injection

Exploit Title: Ray OS v2.6.3 - Command Injection RCEUnauthorized Description: The Ray Project dashboard contains a CPU profiling page, and the format parameter is not validated before being inserted into a system command executed in a shell, allowing for arbitrary command execution. If the system...

9.8CVSS7.4AI score0.7463EPSS
Exploits15
Exploit DB
Exploit DB
added 2024/04/12 12:0 a.m.334 views

Ray OS v2.6.3 - Command Injection RCE(Unauthorized)

Exploit Title: Ray OS v2.6.3 - Command Injection RCEUnauthorized Description: The Ray Project dashboard contains a CPU profiling page, and the format parameter is not validated before being inserted into a system command executed in a shell, allowing for arbitrary command execution. If the system...

9.8CVSS8.7AI score0.7463EPSS
Exploits15
0day.today
0day.today
added 2024/04/12 12:0 a.m.316 views

Ray OS v2.6.3 - Command Injection Exploit

Exploit Title: Ray OS v2.6.3 - Command Injection RCEUnauthorized Description: The Ray Project dashboard contains a CPU profiling page, and the format parameter is not validated before being inserted into a system command executed in a shell, allowing for arbitrary command execution. If the system...

9.8CVSS8.7AI score0.7463EPSS
Exploits15
Circl
Circl
added 2024/03/18 10:1 a.m.8 views

CVE-2023-6019

creationtimestamp| type| source ---|---|--- 2024-03-18 10:01:05+00:00| published-proof-of-concept| https://github.com/google/tsunami-security-scanner-plugins/tree/master/google/detectors/rce/ai/cve20236019 2024-03-27 17:30:05+00:00| exploited| https://t.me/truesecator/5575 2024-04-10...

9.8CVSS7.9AI score0.7463EPSS
Exploits15References6
vulnersOsv
vulnersOsv
added 2023/11/16 6:30 p.m.5 views

aana (>=0.2.1 <=0.2.4), abao-ai (=0.0.5) +1094 more potentially affected by CVE-2023-48022 +4 more via ray (>=0.5.0 <=2.8.0)

ray PYPI version =0.5.0, =0.2.1, =0.0.6, =0.0.1b1, =0.1.1, =0.2.0, =0.0.2, =0.1.1, =0.2.0, =0.0.1, =0.0.0, =0.2.11 and more Source cves: CVE-2023-48022, CVE-2023-48023, CVE-2023-6019, CVE-2023-6020, CVE-2023-6021 Source advisory: OSV:GHSA-3PWW-QVR8-6MHP...

9.8CVSS7AI score0.81512EPSS
Exploits22
NVD
NVD
added 2023/11/16 5:15 p.m.20 views

CVE-2023-6019

A command injection existed in Ray's cpuprofile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here:...

9.8CVSS0.7463EPSS
Exploits15References1
CVE
CVE
added 2023/11/16 4:12 p.m.160 views

CVE-2023-6019

Ray’s CVE-2023-6019 is an RCE via the cpu_profile URL parameter on the Ray dashboard, allowing remote code execution without authentication. Exploitation evidence exists in public Metasploit modules for Ray CPU profile injection, and related LFI/RCE advisories corroborate the class of impact. The...

9.8CVSS8.9AI score0.7463EPSS
Exploits15References1Affected Software1
Rows per page
Query Builder