27 matches found

seebug.org
added 2016/01/27 12:00 a.m. | 37 views

Ruby on Rails Web Console IP whitelist security-mode bypass

IP whitelist bypass in Web Console. There is a remote code execution vulnerability in Web Console. This vulnerability has been assigned the CVE identifier CVE-2015-3224. Versions Affected: All. Not affected: Environments inaccessible from remote IPs, or without Web Console enabled. Fixed Versions:...

CVSS 4.3 | AI score 7.1 | EPSS 0.85262
Exploits: 6
seebug.org
added 2014/07/01 12:00 a.m. | 17 views

Spreecommerce 0.60.1 Arbitrary Command Execution

No description provided by source. $Id: spreesearchexec.rb 13831 2011-10-07 17:45:15Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms o...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m. | 41 views

sudo 1.8.0 - 1.8.3p1 Format String Vulnerability

No description provided by source. Phenoelit Advisory wir-haben-auch-mal-was-gefunden 0815 +--++ Authors: joernchen <joernchen@phenoelit.de>, Phenoelit Group http://www.phenoelit.de. Affected Products: sudo 1.8.0 - 1.8.3p1 http://sudo.ws. Vendor communication: 2012-01-24 Send vulnerability details to sud...

AI score 7.1
Exploits: 0
0day.today
added 2014/04/25 12:00 a.m. | 17 views

JRuby Sandbox 0.2.2 - Sandbox Escape

jruby-sandbox aims to allow safe execution of user-given Ruby code within a JRuby runtime. However, via import of Java classes it is possible to circumvent those protections and execute arbitrary code outside the sandboxed environment. Versions 0.2.2 and below are affected. Phenoelit Advisory...

AI score 8
Exploits: 0
exploitpack
added 2014/04/25 12:00 a.m. | 9 views

JRuby Sandbox 0.2.2 - Sandbox Escape

JRuby Sandbox 0.2.2 - Sandbox Escape. Phenoelit Advisory. Authors: joernchen, Phenoelit Group http://www.phenoelit.de. Affected Products: jruby-sandbox e puts "fail via Ruby ;" end puts "Now for some Java" sand.eval "Kernel.send :java_import, 'java.lang.ProcessBuilder'" sand.eval "Kernel.send :java_import,...

AI score 7.4
Exploits: 0
Packet Storm
added 2014/04/24 12:00 a.m. | 16 views

JRuby Sandbox 0.2.2 Bypass

Phenoelit Advisory. Authors: joernchen, Phenoelit Group http://www.phenoelit.de. Affected Products: jruby-sandbox e puts "fail via Ruby ;" end puts "Now for some Java" sand.eval "Kernel.send :java_import, 'java.lang.ProcessBuilder'" sand.eval "Kernel.send :java_import, 'java.util.Scanner'" sand.eval "s =...

AI score 7.4
Exploits: 0
OPENSUSE Linux
added 2013/12/25 6:10 p.m. | 28 views

Fixes a local vulnerability (important)

Fixed CVE-2013-3709: make the secret token file secret_token.rb readable only for the webyast user to avoid forging the session cookie (bnc#851116), reported by joernchen of Phenoelit...

CVSS 7.2 | AI score 1.1 | EPSS 0.00029
Exploits: 1 | References: 1
OSV
added 2013/12/02 4:20 p.m. | 2 views

SUSE-RU-2015:0793-1 Security update for webyast

The following security issue has been fixed: CVE-2013-3709: webyast: local privilege escalation via secret rails tokens execution. This vulnerability was reported by joernchen of Phenoelit. Security Issue reference: CVE-2013-3709...

CVSS 7.2 | AI score 6.5 | EPSS 0.00029
Exploits: 1 | References: 4
Packet Storm
added 2013/10/29 12:00 a.m. | 16 views

sup Remote Command Execution

Phenoelit Advisory. Authors: joernchen, Phenoelit Group http://www.phenoelit.de. Affected Products: sup /tmp/whatsup'pwn" will generate a file "whatsup" in the /tmp directory. Solution: Upgrade to version 0.14.1.1 or 0.13.2.1. References: [0] https://github.com/sup-heliotro...

AI score 7.4
Exploits: 0
Exploit DB
added 2013/08/12 12:00 a.m. | 100 views

Ruby on Rails - Known Secret Session Cookie Remote Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank =...

AI score 7
Exploits: 0
0day.today
added 2013/08/11 12:00 a.m. | 31 views

Ruby on Rails Known Secret Session Cookie Remote Code Execution

This Metasploit module implements remote command execution on Ruby on Rails applications. Prerequisite is knowledge of the "secret_token" (Rails 2/3) or "secret_key_base" (Rails 4). The values for those can usually be found in the file "RAILS_ROOT/config/initializers/secret_token.rb". The module achieves...

AI score 7.2
Exploits: 0
Metasploit
added 2013/07/26 6:23 p.m. | 57 views

Ruby on Rails Known Secret Session Cookie Remote Code Execution

This module implements Remote Command Execution on Ruby on Rails applications. Prerequisite is knowledge of the "secret_token" (Rails 2/3) or "secret_key_base" (Rails 4). The values for those can usually be found in the file "RAILS_ROOT/config/initializers/secret_token.rb". The module achieves RCE by...

CVSS 7.5 | EPSS 0.91907
Exploits: 21
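As an added example for the two "Known Secret Session Cookie" entries above (this is not code from the Metasploit module or from Rails), the Ruby below reconstructs the Rails 2/3 CookieStore layout the module relies on: base64(Marshal.dump(session)) followed by "--" and an HMAC-SHA1 over the base64 part keyed with secret_token. Whoever knows that secret can sign a session of their choosing, and because the default deserialiser is Marshal, the cookie can also carry an object whose marshal_load hook runs before any application code sees the session. The JSON variant beside it keeps the same signature check but returns only plain data, which is why later Rails releases moved to a JSON cookie serializer. The secret value, the session contents and the Gadget class are constructed for this example; Gadget stands in for a class the target application already has loaded and only records its payload rather than executing anything.

```ruby
require 'openssl'
require 'json'

# Constructed "leaked" secret_token for this example; not a real key.
LEAKED_SECRET_TOKEN = 'c0ffee' * 12

# Rails 2/3 CookieStore layout (ActiveSupport::MessageVerifier):
#   base64(Marshal.dump(session_hash)) + "--" + HMAC-SHA1(secret_token, base64 part)
def hmac_sha1(secret, data)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), secret, data)
end

# Constant-time comparison so the verifier does not leak the MAC byte by byte.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def sign_cookie(body, secret)
  "#{body}--#{hmac_sha1(secret, body)}"
end

# Returns the base64 body if the MAC checks out, else nil.
def verified_body(cookie, secret)
  body, sig = cookie.split('--', 2)
  return nil if body.nil? || sig.nil?
  constant_time_equal?(hmac_sha1(secret, body), sig) ? body : nil
end

# Vulnerable (Rails 2/3 default): a valid MAC is followed by Marshal.load of the
# body, so whoever holds secret_token decides which objects get instantiated.
def load_session_marshal(cookie, secret)
  body = verified_body(cookie, secret) or return nil
  Marshal.load(body.unpack1('m0'))
end

# Hardened: same MAC check, but the body is JSON, which yields only plain data.
# A leaked secret still lets an attacker forge session contents; rotating the
# secret is the real fix, the serializer change only removes the RCE path.
def load_session_json(cookie, secret)
  body = verified_body(cookie, secret) or return nil
  JSON.parse(body.unpack1('m0'))
end

# Stand-in for a class the target app already has loaded whose marshal_load hook
# does something dangerous. Here it only records the payload to stay benign.
class Gadget
  @executed = []
  class << self
    attr_reader :executed
  end

  def initialize(payload)
    @payload = payload
  end

  def marshal_dump
    @payload
  end

  # Runs inside Marshal.load, before any application code sees the session.
  def marshal_load(payload)
    @payload = payload
    self.class.executed << payload
  end
end

# Attacker side: with the secret known, any session (and any Marshal object)
# verifies as genuine. Payload is a constructed string standing in for a command.
def forge_marshal_cookie(secret, payload)
  session = { 'session_id' => 'attacker', 'user_id' => 1, 'g' => Gadget.new(payload) }
  sign_cookie([Marshal.dump(session)].pack('m0'), secret)
end

def forge_json_cookie(secret)
  sign_cookie([JSON.generate({ 'session_id' => 'attacker', 'user_id' => 1 })].pack('m0'), secret)
end
```

The check that matters operationally is whether config/initializers/secret_token.rb (or secret_key_base) has ever been committed, copied between environments or shipped in an image; if it has, treat every session signed under it as forgeable and rotate.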
ThreatPost
added 2013/01/03 3:16 p.m. | 9 views

SQL Injection Flaw Haunts All Ruby on Rails Versions

All of the current versions of the Ruby on Rails Web framework have a SQL injection vulnerability that could allow an attacker to inject code into Web applications. The vulnerability is a serious one given the widespread use of the popular framework for developing Web apps, and the maintainers of...

AI score 0.3
Exploits: 0 | References: 6
securityvulns
added 2012/02/13 12:00 a.m. | 28 views

Advisory: sudo 1.8 Format String Vulnerability

Phenoelit Advisory wir-haben-auch-mal-was-gefunden 0815 +--++ Authors: joernchen <joernchen@phenoelit.de>, Phenoelit Group http://www.phenoelit.de. Affected Products: sudo 1.8.0 - 1.8.3p1 http://sudo.ws. Vendor communication: 2012-01-24 Send vulnerability details to sudo maintainer; 2012-01-24 Maintainer ...

AI score 7.1
Exploits: 0
0day.today
added 2012/01/31 12:00 a.m. | 22 views

sudo 1.8.0 - 1.8.3p1 Format String Vulnerability

Exploit for Linux platform in category dos / poc. Phenoelit Advisory. Authors: joernchen, Phenoelit Group http://www.phenoelit.de. Affected Products: sudo 1.8.0 - 1.8.3p1 http://sudo.ws. Vendor communication: 2012-01-24 Send vulnerability details to sudo maintainer; 2012-01-24 Maintainer is embarrassed...

AI score 7
Exploits: 0
exploitpack
added 2012/01/31 12:00 a.m. | 18 views

sudo 1.8.0 - 1.8.3p1 - Format String

sudo 1.8.0 - 1.8.3p1 - Format String. Phenoelit Advisory. Authors: joernchen, Phenoelit Group http://www.phenoelit.de. Affected Products: sudo 1.8.0 - 1.8.3p1 http://sudo.ws. Vendor communication: 2012-01-24 Send vulnerability details to sudo maintainer; 2012-01-24 Maintainer is embarrassed; 2012-01-27 Asking...

AI score 7.4
Exploits: 0
Packet Storm
added 2012/01/30 12:00 a.m. | 28 views

sudo 1.8.3p1 Format String

Phenoelit Advisory. Authors: joernchen, Phenoelit Group http://www.phenoelit.de. Affected Products: sudo 1.8.0 - 1.8.3p1 http://sudo.ws. Vendor communication: 2012-01-24 Send vulnerability details to sudo maintainer; 2012-01-24 Maintainer is embarrassed; 2012-01-27 Asking maintainer how the fixing goes...

AI score 7.4
Exploits: 0
Packet Storm
added 2012/01/28 12:00 a.m. | 20 views

Gitorious Remote Command Execution

Phenoelit Advisory. Authors: joernchen, Phenoelit Group http://www.phenoelit.de. Affected Products: Gitorious 2.1.1 http://gitorious.org. Vendor communication: 2012-01-16 Asking vendor for PGP key; 2012-01-17 Getting PGP key from vendor; 2012-01-17 Sending vulnerability details to vendor; 2012-01-19 Vendor...

AI score 0.2
Exploits: 0
Metasploit
added 2012/01/19 10:36 a.m. | 20 views

Gitorious Arbitrary Command Execution

This module exploits an arbitrary command execution vulnerability in gitorious. Unvalidated input is passed to the shell allowing command execution. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModu...

AI score 7.4
Exploits: 0
Packet Storm
added 2011/10/10 12:00 a.m. | 31 views

Spreecommerce 0.60.1 Arbitrary Command Execution

$Id: spreesearchexec.rb 13831 2011-10-07 17:45:15Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

AI score 0.8
Exploits: 0
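The sup, Gitorious and Spreecommerce entries above all describe the same defect: user input interpolated into a command line that a Ruby application hands to the shell, where a stray quote (sup's `'pwn`) turns data into a second command. The Ruby below is an added illustration of that bug class and its two standard fixes, not code from any of those projects or from the Metasploit modules; the `search_*` functions, the PAYLOAD string and the use of echo as a stand-in for the real command are constructed for this example.

```ruby
require 'open3'
require 'shellwords'

# Constructed attacker input: closes the single-quoted argument, runs a second
# command, then comments out the dangling quote so the shell does not error.
PAYLOAD = "foo'; echo INJECTED #'"

# Vulnerable: a single interpolated string is handed to /bin/sh -c, so quotes
# and semicolons inside `term` are shell syntax rather than data.
def search_vulnerable(term)
  out, _status = Open3.capture2("echo 'search: #{term}'")
  out
end

# Fix 1 (preferred): argv form execs the binary directly, no shell parses `term`.
def search_safe(term)
  out, _status = Open3.capture2('echo', "search: #{term}")
  out
end

# Fix 2: when a shell is unavoidable (pipes, redirects), escape every
# user-controlled word so it reaches the command as one literal argument.
def search_escaped(term)
  out, _status = Open3.capture2("echo search: #{Shellwords.escape(term)}")
  out
end

# Detection helper for a test suite: did the smuggled second command run?
def injected?(output)
  output.lines.include?("INJECTED\n")
end

if __FILE__ == $PROGRAM_NAME
  puts "vulnerable: #{search_vulnerable(PAYLOAD).inspect}"
  puts "argv form:  #{search_safe(PAYLOAD).inspect}"
  puts "escaped:    #{search_escaped(PAYLOAD).inspect}"
end
```

With the argv form there is nothing to escape because /bin/sh is never started; Shellwords.escape is the fallback for the cases where the command genuinely needs shell features, and even then every user-controlled word has to go through it.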