2157 matches found

Hacker One
added 2016/10/27 3:0 p.m., 23 views

RubyGems: Possible Subdomain Takeover at http://production.s3.rubygems.org/ pointing to Fastly

A DNS record was found that was pointing to Fastly, but there was no Fastly service configured for this domain. We removed the record because it was not needed any longer. A subdomain takeover was not possible because although there was no service configured, we do have control of any subdomain o...

0.3 AI score
Exploits: 0

Hacker One
added 2016/09/30 11:42 p.m., 24 views

RubyGems: Login credentials transmitted in cleartext on index.rubygems.org

If someone links their target to http://index.rubygems.org then if they click "sign in" their credentials are transmitted plaintext as there is no https redirect or enforcing of https on the login form. Step 1: Link to http://index.rubuygems.org Step 2: sniff traffic open wifi / proxy / etc See t...

Exploits: 0

Hacker One
added 2016/09/30 9:38 p.m., 15 views

RubyGems: Password Reset emails missing TLS leads account takeover

Hi, I saw that the email is sent in clear-text instead of TLS Transport Layer Security any Man-in-the-middle attacker is able to read these sensitive Emails and get the password reset link which lead to account takeover. Email details: from: [email protected] to: [email protected] date: Fri, Sep 3...

0.1 AI score
Exploits: 0

Hacker One
added 2016/09/20 12:26 p.m., 14 views

RubyGems: RCE,SQL,Vulnerability + Exploit Method.

http://m.rubygems.org is this site under the scope for this bounty?...

6.9 AI score
Exploits: 0

Hacker One
added 2016/09/19 6:45 a.m., 8 views

RubyGems: Host Header Injection/Redirection

rubygems.org is vulnerable to host header injection because the host header can be changed to something outside the target domain. Attack vectors are somewhat limited but depends on how the host header is used by the back-end application code. If code references the hostname used in the URL such ...

7.5 AI score
Exploits: 0

Hacker One
added 2016/09/18 11:56 p.m., 17 views

RubyGems: Invalid username updating

Hello Rubygems, This is my first report on Hackerone, so please tell me if you need further information. This vulnerability/glitch uses the 'Edit Profile' page. How to do it: 1. Login to any account on Rubygems 2. Go to your profile 3. Go to 'Edit Profile' 4. In Handle, put the invalid username 5...

0.4 AI score
Exploits: 0

n0where
added 2016/09/14 3:29 a.m., 14 views

Arbitrary TCP Connection Proxy: BinProxy

Arbitrary TCP Connection Proxy BinProxy is a proxy for arbitrary TCP connections. You can define custom message formats using the BinData gem. BinProxy is a tool for understanding and manipulating binary network traffic. BinProxy gives you a TCP proxy and an interface to write protocol-specific...

0.2 AI score
Exploits: 0, References: 3

OSV
added 2016/04/25 2:28 p.m., 12 views

SUSE-SU-2016:1146-1 Security update for portus

Portus was updated to version 2.0.3, which brings several fixes and enhancements: - Fixed crono job when a repository could not be found. - Fixed compatibility issues with Docker 1.10 and Distribution 2.3. - Handle multiple scopes in token requests. - Add optional fields to token response. - Fixe...

7.5 CVSS, 6.2 AI score, 0.90494 EPSS
Exploits: 19, References: 21

Tenable Nessus
added 2016/03/04 12:0 a.m., 29 views

Fedora 23 : pcs-0.9.149-2.fc23 (2016-cdd4228cc7)

Re-synced to upstream sources Security fix for CVE-2016-0720, CVE-2016-0721 - Rubygems built with RELRO Spec file cleanup Fixed multilib .pyc/.pyo issue ---- Re-synced to upstream sources Security fix for CVE-2016-0720, CVE-2016-0721 Rubygems built with RELRO Spec file cleanup Fixed multilib...

8.8 CVSS, 7.6 AI score, 0.00445 EPSS
Exploits: 0, References: 5

CNVD
added 2016/01/16 12:0 a.m., 1 views

RubyGems rack-attack 'ActionDispatch' security bypass vulnerability

RubyGems is a Ruby package manager from the RubyGems organization that is used to distribute and manage Ruby packages. rack-attack is one of the middleware used to block abusive requests. A security vulnerability in RubyGems rack-attack allows remote attackers to bypass security restrictions and...

6.9 AI score
Exploits: 0, References: 1

OpenVAS
added 2015/10/15 12:0 a.m., 22 views

Mageia: Security Advisory (MGASA-2015-0345)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5 CVSS, 9 AI score, 0.02401 EPSS
Exploits: 0, References: 4

OpenVAS
added 2015/10/06 12:0 a.m., 27 views

Oracle: Security Advisory (ELSA-2013-1441)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.8 CVSS, 6 AI score, 0.02017 EPSS
Exploits: 0, References: 2

Mageia
added 2015/09/08 5:55 p.m., 35 views

Updated ruby-RubyGems packages fix security vulnerabilities

Updated ruby-RubyGems package fixes security vulnerability: RubyGems does not validate the hostname when fetching gems or making API request, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack" CVE-2015-3900...

5 CVSS, 8.2 AI score, 0.02401 EPSS
Exploits: 0, References: 2

OSV
added 2015/09/08 5:55 p.m., 6 views

MGASA-2015-0345 Updated ruby-RubyGems packages fix security vulnerabilities

Updated ruby-RubyGems package fixes security vulnerability: RubyGems does not validate the hostname when fetching gems or making API request, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack" CVE-2015-3900...

5 CVSS, 5.7 AI score, 0.02401 EPSS
Exploits: 0, References: 3

OpenVAS
added 2015/09/08 12:0 a.m., 28 views

Amazon Linux: Security Advisory (ALAS-2013-231)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3 CVSS, 5.8 AI score, 0.00588 EPSS
Exploits: 0, References: 2

OpenVAS
added 2015/09/08 12:0 a.m., 23 views

Amazon Linux: Security Advisory (ALAS-2014-290)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3 CVSS, 5.8 AI score, 0.00588 EPSS
Exploits: 0, References: 2

OpenVAS
added 2015/09/08 12:0 a.m., 31 views

Amazon Linux: Security Advisory (ALAS-2015-547)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5 CVSS, 6.9 AI score, 0.02401 EPSS
Exploits: 0, References: 3

OpenVAS
added 2015/09/08 12:0 a.m., 28 views

Amazon Linux: Security Advisory (ALAS-2015-549)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5 CVSS, 6.9 AI score, 0.02401 EPSS
Exploits: 0, References: 3

OpenVAS
added 2015/09/08 12:0 a.m., 25 views

Amazon Linux: Security Advisory (ALAS-2012-79)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.8 CVSS, 6.4 AI score, 0.00638 EPSS
Exploits: 0, References: 2

OpenVAS
added 2015/09/08 12:0 a.m., 20 views

Amazon Linux: Security Advisory (ALAS-2013-230)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3 CVSS, 5.8 AI score, 0.02017 EPSS
Exploits: 0, References: 2