Lucene search

93 matches found

OSV
added 2018/08/13 8:48 p.m. | 12 views

GHSA-HX46-VWMX-WX95 High severity vulnerability that affects actionpack

Withdrawn, accidental duplicate publish. Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method...

CVSS 7.5 | AI score 7.4 | EPSS 0.86668
Exploits 7 | References 2
OSV
added 2018/04/18 3:29 p.m. | 15 views

CVE-2018-10199

In versions of mruby up to and including 1.4.0, a use-after-free vulnerability exists in src/io.c::File#initialize_copy. An attacker that can cause Ruby code to be run can possibly use this to execute arbitrary code...

CVSS 9.8 | AI score 9.9
Exploits 0 | References 2
Hacker One
added 2017/12/19 9:08 p.m. | 97 views

GitLab: Evaluating Ruby code by injecting Rescue job on the system_hook_push queue through web hook

The secret token field of a webhook is vulnerable to a new line injection, allowing an attacker to inject non-HTTP commands in a TCP stream. When a GitLab instance is configured with an external Redis instance, e.g. on 127.0.0.1:6379, it may result in arbitrary code execution on a Sidekiq worker ...

CVSS 7.5 | AI score 0.1 | EPSS 0.00427
Exploits 0
Hacker One
added 2017/12/17 3:11 a.m. | 99 views

GitLab: Command injection by overwriting authorized_keys file through GitLab import

The Projects::GitlabProjectsImportService contains a vulnerability that allows an attacker to write files to arbitrary directories on the server. This leads to an arbitrary command execution vulnerability by overwriting the authorized_keys file. To reproduce, sign in to a GitLab instance that has...

CVSS 7.5 | AI score 0.3 | EPSS 0.01156
Exploits 0
exploitpack
added 2017/12/06 12:00 a.m. | 106 views

Hashicorp vagrant-vmware-fusion 4.0.24 - Local Privilege Escalation

I have previously disclosed a couple of bugs in Hashicorp's vagrant-vmware-fusion plugin for vagrant. Unfortunately the 4.0.23 release which was supposed to fix the previous bug I reported didn't address the issue, so Hashicorp...

AI score 0.7
Exploits 0
0day.today
added 2017/12/06 12:00 a.m. | 39 views

Hashicorp vagrant-vmware-fusion 4.0.23 - Local root Privilege Escalation Exploit

Exploit for macOS platform in category local exploits. A couple of weeks ago I disclosed a local root privesc in Hashicorp's vagrant-vmware-fusion plugin: https://m4.rkw.io/blog/cve20177642-local-root-privesc-in-hashicorp-vagrantvmw... The initial patch they released was 4.0.21 which unfortunately...

CVSS 7.2 | AI score 0.8 | EPSS 0.00312
Exploits 3
Exploit DB
added 2017/12/06 12:00 a.m. | 76 views

Hashicorp vagrant-vmware-fusion 4.0.24 - Local Privilege Escalation

I have previously disclosed a couple of bugs in Hashicorp's vagrant-vmware-fusion plugin for vagrant. Unfortunately the 4.0.23 release which was supposed to fix the previous bug I reported didn't address the issue, so Hashicorp quickly put out another release - 4.0.24 - after that but didn't upda...

AI score 7
Exploits 0
OSV
added 2017/10/24 6:33 p.m. | 16 views

GHSA-WWMF-6P58-6VJ2 Remote code execution in rwiki

The editing form in RWiki 2.1.0pre1 through 2.1.0 allows remote attackers to execute arbitrary Ruby code via unknown attack vectors...

CVSS 7.5 | AI score 7.2 | EPSS 0.00717
Exploits 0 | References 7
Github Security Blog
added 2017/10/24 6:33 p.m. | 27 views

Remote code execution in rwiki

The editing form in RWiki 2.1.0pre1 through 2.1.0 allows remote attackers to execute arbitrary Ruby code via unknown attack vectors...

CVSS 7.5 | AI score 7.2 | EPSS 0.00717
Exploits 0 | References 7 | Affected Software 1
Github Security Blog
added 2017/10/24 6:33 p.m. | 40 views

Ruby on Rails vulnerable to code injection

Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112...

CVSS 7.5 | AI score 6.9 | EPSS 0.03984
Exploits 0 | References 10 | Affected Software 1
RubySec
added 2017/10/24 12:00 a.m. | 19 views

High severity vulnerability that affects rails

Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112...

CVSS 7.5 | AI score 7.4 | EPSS 0.07371
Exploits 0 | References 1 | Affected Software 1
RubySec
added 2017/10/24 12:00 a.m. | 24 views

High severity vulnerability that affects rails.

Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 through 1.1.5 allows remote attackers to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of service (application hang) or "data loss," a differen...

CVSS 7.5 | AI score 7.5 | EPSS 0.07371
Exploits 0 | References 1 | Affected Software 1
0day.today
added 2017/03/16 12:00 a.m. | 20 views

GitHub Enterprise 2.8.0 < 2.8.6 - Remote Code Execution Exploit

Exploit for ruby platform in category web applications. #!/usr/bin/ruby require "openssl" require "cgi" require "net/http" require "uri" SECRET = "641dd6454584ddabfed6342cc66281fb" ...

AI score 7.1
Exploits 0
UbuntuCve
added 2016/12/22 10:59 p.m. | 27 views

CVE-2016-7954

Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334...

CVSS 9.8 | AI score 7.4 | EPSS 0.02779
Exploits 1 | References 3
Prion
added 2016/12/22 10:59 p.m. | 12 views

Design/Logic Flaw

Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334...

CVSS 7.5 | AI score 7 | EPSS 0.02779
Exploits 1 | References 8 | Affected Software 1
Debian
added 2016/03/09 5:48 p.m. | 27 views

[SECURITY] [DSA 3509-1] rails security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3509-1 security@debian.org https://www.debian.org/security/ Luciano Bello March 09, 2016 https://www.debian.org/security/faq -...

CVSS 7.5 | AI score 7.5 | EPSS 0.90494
Exploits 18
RedHat Linux
added 2013/10/31 2:18 p.m. | 1 view

interface: Ruby code injection

The Red Hat CloudForms Management Engine 5.1 allows remote administrators to execute arbitrary Ruby code via unspecified vectors...

CVSS 8.5 | AI score 6.2 | EPSS 0.00558
Exploits 0 | References 4
NVD
added 2013/08/23 4:55 p.m. | 20 views

CVE-2013-4172

The Red Hat CloudForms Management Engine 5.1 allows remote administrators to execute arbitrary Ruby code via unspecified vectors...

CVSS 8.5 | AI score 7.5 | EPSS 0.00558
Exploits 0 | References 1
Prion
added 2013/08/23 4:55 p.m. | 16 views

Code injection

The Red Hat CloudForms Management Engine 5.1 allows remote administrators to execute arbitrary Ruby code via unspecified vectors...

CVSS 8.5 | AI score 8 | EPSS 0.00558
Exploits 0 | References 1 | Affected Software 1
RedHat Linux
added 2013/08/19 4:46 p.m. | 2 views

interface: Ruby code injection

The Red Hat CloudForms Management Engine 5.1 allows remote administrators to execute arbitrary Ruby code via unspecified vectors...

CVSS 8.5 | AI score 6.2 | EPSS 0.00558
Exploits 0 | References 4