93 matches found
Ruby on Rails JSON Processor YAML Deserialization Code Execution
Exploit for multiple platform in category remote exploits. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core...
Ruby On Rails XML Processor YAML Deserialization Code Execution
This Metasploit module exploits a remote code execution vulnerability in the XML request processor of the Ruby on Rails application framework. This vulnerability allows an attacker to instantiate a remote object, which in turn can be used to execute any ruby code remotely in the context of the...
Ruby on Rails XML Processor YAML Deserialization Code Execution
This module exploits a remote code execution vulnerability in the XML request processor of the Ruby on Rails application framework. This vulnerability allows an attacker to instantiate a remote object, which in turn can be used to execute any ruby code remotely in the context of the application...
MS10-081: Windows Common Control Library (Comctl32) Heap Overflow
Exploit for windows platform in category remote exploits !/usr/bin/env ruby http://breakingpointsystems.com/community/blog/microsoft-vulnerability-proof-of-concept Nephi Johnson require 'socket' def httpsendsock, data, opts= defaults = :code="200", :message="OK", :type="text/html", :desc="content...
rbot 0.9.14 - '!react' Unauthorized Access
source: https://www.securityfocus.com/bid/39915/info Rbot is prone to an unauthorized-access vulnerability because it fails to adequately sanitize user-supplied data. An attacker can exploit this vulnerability to gain administrative rights to the rbot application. This will allow a remote attacke...
rbot 0.9.14 - !react Unauthorized Access
source: https://www.securityfocus.com/bid/39915/info Rbot is prone to an unauthorized-access vulnerability because it fails to adequately sanitize user-supplied data. An attacker can exploit this vulnerability to gain administrative rights to the rbot...
CVE-2008-2663
Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than...
CVE-2006-6852
Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.20061127 allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validation by (1) conf.rhtml and (2) i.conf.rhtml. NOTE: some of these details are obtained from third party...
CVE-2006-6852
tDiary 2.0.3 and 2.1.4.200 contain an eval injection vulnerability that lets a remote authenticated attacker run arbitrary Ruby scripts. The root cause is described as incorrect input validation in two web templates (conf.rhtml and i.conf.rhtml), enabling arbitrary code execution on the web serve...
Code injection
The editing form in RWiki 2.1.0pre1 through 2.1.0 allows remote attackers to execute arbitrary Ruby code via unknown attack vectors...
High severity vulnerability that affects rwiki
The editing form in RWiki 2.1.0pre1 through 2.1.0 allows remote attackers to execute arbitrary Ruby code via unknown attack vectors...