24 matches found
CVE-2021-33564
An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verifyurl option is disabled. This may lead to code execution. The problem occurs because the generate and process features...
EUVD-2017-0293
Malware in sbrugna...
EUVD-2017-0276
Malware in sbrugna...
VulnCheck KEV: CVE-2021-33564
An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verifyurl option is disabled. This may lead to code execution. The problem occurs because the generate and process features...
Dragonfly Ruby Gem < 1.4.0 Argument Injection Vulnerability - Active Check
Dragonfly Ruby Gem is prone to an argument injection vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2021-33564
An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verifyurl option is disabled. This may lead to code execution. The problem occurs because the generate and process features...
CVE-2021-33564
An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verifyurl option is disabled. This may lead to code execution. The problem occurs because the generate and process features...
Design/Logic Flaw
An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verifyurl option is disabled. This may lead to code execution. The problem occurs because the generate and process features...
CVE-2021-33564
An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verifyurl option is disabled. This may lead to code execution. The problem occurs because the generate and process features...
Dragonfly Ruby Gem File Disclosure
File disclosure vulnerability in Dragonfly Ruby gem Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...
dragonfly -- argument injection
NVD reports: An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verifyurl option is disabled. This may lead to code execution. The problem occurs because the generate and process...
Code injection in dragonfly gem
lib/dragonfly/imagemagickutils.rb in the fog-dragonfly gem 0.8.2 for Ruby allows remote attackers to execute arbitrary commands via unspecified vectors...
GHSA-QRGF-JQQM-X7XV Code injection in dragonfly gem
lib/dragonfly/imagemagickutils.rb in the fog-dragonfly gem 0.8.2 for Ruby allows remote attackers to execute arbitrary commands via unspecified vectors...
Dragonfly Code Injection vulnerability
The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request...
Dragonfly 1.0.5 Remote Code Execution
RCE in the Dragonfly gem for image uploading & processing in rails/sinatra, in version 1.0.5. https://github.com/markevans/dragonfly The underlying vulnerability is that you can pass arbitrary commands to ImageMagick's convert, thus granting arbitrary read/write for the filesystem. Additionally t...
CVE-2013-1756
The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request...
Cross site request forgery (csrf)
The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request...
CVE-2013-1756
The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request...
CVE-2013-1756
Dragonfly (Ruby gem) vulnerability CVE-2013-1756 affects the Dragonfly gem for Ruby when used with Rails. Versions 0.7 before 0.8.6 and 0.9.x before 0.9.13 are vulnerable to remote code execution via a crafted request, due to the parsing/handling of input. Impact is remote arbitrary code executio...
Command injection
lib/dragonfly/imagemagickutils.rb in the fog-dragonfly gem 0.8.2 for Ruby allows remote attackers to execute arbitrary commands via unspecified vectors...