17 matches found
Open Redirect in Host Authorization Middleware
Specially crafted "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. id: CVE-2021-44528 info: name: Open Redirect in Host Authorization Middleware author: geeknik...
Ruby on Rails <5.0.1 - Remote Code Execution
Ruby on Rails before version 5.0.1 is susceptible to remote code execution because it passes user parameters as local variables into partials. id: CVE-2020-8163 info: name: Ruby on Rails 5.0.1 - Remote Code Execution author: timkoopmans severity: high description: Ruby on Rails before version 5.0...
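The mechanism behind the CVE-2020-8163 entry above is that caller-controlled local variable *names*, not just values, ended up compiled into Ruby source. The following is an added illustration written for this page, not Rails code or the nuclei template's code: a toy partial renderer (`render_unsafe`) that reproduces that shape, beside a hardened version (`render_safe`) that allowlists local names and hands values to ERB through the binding API. The template `USER_CARD`, the allowlist `ALLOWED_LOCALS` and the helper `demo` are assumptions made for the example.

```ruby
require "erb"

# Added example, not Rails code: a toy partial renderer that reproduces the
# shape of the pre-5.0.1 mistake (caller-controlled local *names* compiled
# into Ruby source) next to a hardened version that allowlists the names.

# Constructed stand-in for a partial template that expects one local, `name`.
USER_CARD = "<p>Hello <%= name %></p>".freeze

# Assumed policy: the only local the template may receive, and what a legal
# Ruby local identifier looks like.
ALLOWED_LOCALS = %w[name].freeze
VALID_IDENT = /\A[a-z_][a-zA-Z0-9_]*\z/

# Vulnerable pattern: each key of `locals` (think `params`) is pasted into
# Ruby source as the left-hand side of an assignment. A key such as
# "name = 'x'; $attacker_ran = true; junk" is executed as code, not used
# as a variable name.
def render_unsafe(template, locals)
  assigns = locals.keys.map { |k| "#{k} = locals[#{k.inspect}]" }.join("\n")
  src = "#{assigns}\nERB.new(template).result(binding)"
  eval(src) # `template` and `locals` are visible to eval via the method binding
end

# Hardened pattern: reject any local name that is not a plain identifier on
# the allowlist, then pass values through ERB#result_with_hash, which sets
# locals with Binding#local_variable_set (names are validated, never eval'd).
def render_safe(template, locals)
  locals.each_key do |k|
    unless VALID_IDENT.match?(k.to_s) && ALLOWED_LOCALS.include?(k.to_s)
      raise ArgumentError, "refusing to render with local #{k.inspect}"
    end
  end
  ERB.new(template).result_with_hash(locals.transform_keys(&:to_sym))
end

# Hypothetical helper: run one renderer on the constructed template and report
# [html_or_error_message, whether attacker-controlled code ran].
def demo(renderer, locals)
  $attacker_ran = false
  html = send(renderer, USER_CARD, locals)
  [html, $attacker_ran]
rescue ArgumentError => e
  [e.message, $attacker_ran]
end

if __FILE__ == $PROGRAM_NAME
  attack = { "name = 'x'; $attacker_ran = true; junk" => 1 }
  p demo(:render_unsafe, attack) # code in the key ran, output was hijacked
  p demo(:render_safe, attack)   # rejected before anything is evaluated
end
```

The fix in real applications is the same shape: never pass `params` (or any user-controlled hash) straight into `render`; choose the partial and the local names in code and take only values from the request.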
Rails File Content Disclosure
Rails releases before 5.2.2.1, 5.1.6.2, 5.0.7.2 and 4.2.11.1, as well as the 3.x series, are susceptible to a file content disclosure vulnerability because specially crafted Accept headers can cause the contents of arbitrary files on the target system's file system to be exposed. id: CVE-2019-5418 info: name: Rails File Content Disclosure...
CamaleonCMS Cross-Site Scripting Vulnerability
CamaleonCMS is an advanced dynamic content management system (CMS) based on Ruby on Rails from the CamaleonCMS team. CamaleonCMS versions 0.0.1 through 2.6.0 have a cross-site scripting vulnerability that stems from insufficient filtering of user-supplied input and output data. An attacker could...
CamaleonCMS server-side request forgery vulnerability
Camaleon CMS is a Ruby on Rails-based advanced dynamic content management system (CMS) from the Camaleon CMS team. Camaleon CMS versions 2.1.2.0 through 2.6.0 have a server-side request forgery vulnerability that stems from the product's failure to properly validate user input and can be exploite...
CamaleonCMS Denial of Service Vulnerability
CamaleonCMS is a Ruby on Rails-based advanced dynamic content management system (CMS) from the Camaleon CMS team. A denial-of-service vulnerability exists in Camaleon CMS versions 2.0.1 through 2.6.0 that stems from uncaught exceptions in Camaleon CMS. An attacker with low privile...
Exploit for Deserialization of Untrusted Data in Rubyonrails Rails
CVE-2020-8165 Demo Yet another demo of CVE-2020-8165, though...
Exploit for Deserialization of Untrusted Data in Rubyonrails Rails
CVE-2020-8165.py A shell for CVE-2020-8...
Exploit for Deserialization of Untrusted Data in Rubyonrails Rails
CVE-2020-8165 Python Exploit This is code to exploit CVE-2020...
Immunity Canvas: RAILS_ACTIONPACK_RENDER
Name | railsactionpackrender
---|---
CVE | CVE-2016-2098
Exploit Pack | CANVAS
Description | railsactionpackrender
Notes | CVE Name: CVE-2016-2098 VENDOR: http://rubyonrails.org Notes: This vulnerability affects the ActionPack gem and allows remote attackers to execute arbitrary Ruby code due to the...
openSUSE Security Update : ruby (openSUSE-SU-2013:0278-1)
This update updates the RubyOnRails 2.3 stack to 2.3.16, also this update updates the RubyOnRails 3.2 stack to 3.2.11. Security and bugfixes were done, foremost: CVE-2013-0333: A JSON sql/code injection problem was fixed. CVE-2012-5664: A SQL Injection Vulnerability in Active Record was fixed...
RubyonRails 3 XML Processor YAML Deserialization Code Execution Vulnerability
No description provided by source...
RubyonRails 3.0.19 JSON Processor YAML Deserialization Code Execution Vulnerability
No description provided by source...
openSUSE: Security Advisory for ruby (openSUSE-SU-2013:0278-1)
The remote host is missing an update for ruby as announced in openSUSE-SU-2013:0278-1. (OpenVAS vulnerability test; SPDX-FileCopyrightText: 2013 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only. Some text descriptions might be excerpted from referenced sources and are copyright of the respective right holders.)...
SuSE Update for ruby openSUSE-SU-2013:0280-1 (ruby)
Check for the version of ruby. OpenVAS vulnerability test gbsuse201302801.nasl (revision 8672, 2018-02-05, teissa): SuSE update for ruby, openSUSE-SU-2013:0280-1. Authors: System Generated Check. Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net. This program is fre...
ruby on rails to 2.3.16 (important)
This update updates the RubyOnRails 2.3 stack to 2.3.16. Security and bugfixes were done, foremost: CVE-2013-0333: A JSON sql/code injection problem was fixed. CVE-2012-5664: A SQL Injection Vulnerability in Active Record was fixed. CVE-2012-2695: A SQL injection via nested hashes in conditions w...
ruby on rails to 2.3.16 (important)
This update updates the RubyOnRails 2.3 stack to 2.3.16, also this update updates the RubyOnRails 3.2 stack to 3.2.11. Security and bugfixes were done, foremost: CVE-2013-0333: A JSON sql/code injection problem was fixed. CVE-2012-5664: A SQL Injection Vulnerability in Active Record was fixed...