Ruby on Rails ActionPack Inline ERB - Code Execution (Metasploit)

Exploit for ruby platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Ruby on Rails ActionPack Inline ERB Code Execution', 'Description' = %q...

Ruby On Rails ActionPack Inline ERB Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Ruby on Rails ActionPack Inline ERB Code Execution', 'Description' = %q This module exploits a remote code execution...

Ruby on Rails ActionPack Inline ERB Code Execution

This module exploits a remote code execution vulnerability in the inline request processor of the Ruby on Rails ActionPack component. This vulnerability allows an attacker to process ERB to the inline JSON processor, which is then rendered, permitting full RCE within the runtime, without logging ...

Unspecified Vulnerability in Red Hat JBoss BPM Suite

Red Hat JBoss BPM Suite is a business process management platform from Red Hat, Inc. that brings together all the features of JBoss BRMS. The platform provides additional support for modeling, automation, simulation and business process monitoring. A security vulnerability exists in Red Hat JBoss...

Linux ARM Big Endian Command Shell, Bind TCP Inline

Listen for a connection and spawn a command shell This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 118 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions def...

Framework: denial-of-service attack with XML input

A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed...

Deploying CloudBridge Virtual WAN in Virtual Inline Mode with Additional Internet Link

This article addresses the deployment of a Cloud Bridge Appliance in Virtual Inline Mode with additional internet link enabled with Internet Services. This deployment serves the requirement where we do not need the traffic intended for internet access to traverse the virtual path between the site...

Deploying CloudBridge Virtual WAN in Virtual Inline Mode with Additional Internet Link

This article addresses the deployment of a CloudBridge Virtual WAN Appliance in Virtual Inline Mode, also known as One-Arm Mode or Policy Based Routing PBR Mode. Additional Resources CTX213584 - Deploying CloudBridge Virtual WAN in Virtual Inline Mode with Additional Internet Link...

[SECURITY] Fedora 24 Update: w3m-0.5.3-24.fc24

The w3m program is a pager or text file viewer that can also be used as a text-mode Web browser. W3m features include the following: when reading an HTML document, you can follow links and view images using an external image viewer; its internet message mode determines the type of document from t...

chromium-browser: origin confusion in Extensions UI

The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for remote attackers to trick a user into believing that an installation request originated from the...

CVE-2016-1640

The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for remote attackers to trick a user into believing that an installation request originated from the...

Design/Logic Flaw

The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for remote attackers to trick a user into believing that an installation request originated from the...

UBUNTU-CVE-2016-1640

The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for remote attackers to trick a user into believing that an installation request originated from the...

CVE-2016-1640

The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for remote attackers to trick a user into believing that an installation request originated from the...

CVE-2016-1640

CVE-2016-1640 affects Google Chrome’s Web Store inline-installer in Extensions UI. The vulnerability arises because installations are not blocked when an installation frame is deleted, enabling a remote site to trick a user into thinking a request comes from their next navigation target. A fixed ...

CVE-2016-1640

The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for remote attackers to trick a user into believing that an installation request originated from the...

USN-2888-1: Linux kernel (Utopic HWE) vulnerabilities

It was discovered that a use-after-free vulnerability existed in the AFUNIX implementation in the Linux kernel. A local attacker could use crafted epollctl calls to cause a denial of service system crash or expose sensitive information. CVE-2013-7446 It was discovered that the KVM implementation ...

Ubuntu 12.04 LTS : linux vulnerabilities (USN-2886-1)

It was discovered that a use-after-free vulnerability existed in the AFUNIX implementation in the Linux kernel. A local attacker could use crafted epollctl calls to cause a denial of service system crash or expose sensitive information. CVE-2013-7446 It was discovered that the KVM implementation ...

PT-2018-3523 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.4 Description: The issue is related to a buffer overflow in the fs/f2fs/inline.c component of the Linux kernel, which can lead to out-of-bounds memory access. This can cause a denial of service. The problem...

CVE-2015-8374

fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action...