-
Ruby On Rails JSON Processor YAML Deserialization Scanner
Ruby Files ≈ Packet Storm Sep 1, 2024 | 17:10 pm
This Metasploit module attempts to identify Ruby on Rails instances vulnerable to an arbitrary object instantiation flaw in the JSON request processor.
-
Ruby On Rails XML Processor YAML Deserialization Scanner
Ruby Files ≈ Packet Storm Sep 1, 2024 | 16:04 pm
This Metasploit module attempts to identify Ruby on Rails instances vulnerable to an arbitrary object instantiation flaw in the XML request processor.
-
Ruby On Rails Devise Authentication Password Reset
Ruby Files ≈ Packet Storm Aug 31, 2024 | 21:43 pm
The Devise authentication gem for Ruby on Rails is vulnerable to a password reset exploit leveraging type confusion. By submitting XML to Rails, we can influence the type used for the reset_password_token parameter. This allows for resetting passwords of arbitrary[…]
-
Apple TV Video Remote Control
Ruby Files ≈ Packet Storm Aug 31, 2024 | 21:27 pm
This Metasploit module plays a video on an AppleTV device. Note that AppleTV can be somewhat picky about the server that hosts the video. Tested servers include default IIS, default Apache, and Ruby's WEBrick. For WEBrick, the default MIME list[…]
-
Ruby On Rails File Content Disclosure
Ruby Files ≈ Packet Storm Aug 31, 2024 | 19:37 pm
This Metasploit module uses a path traversal vulnerability in Ruby on Rails versions 5.2.2 and below to read files on a target server.
-
Nuuo Central Management Server Authenticated Arbitrary File Download
Ruby Files ≈ Packet Storm Aug 31, 2024 | 18:49 pm
The Nuuo Central Management Server allows an authenticated user to download files from the installation folder. This functionality can be abused to obtain administrative credentials, the SQL Server database password and arbitrary files off the system with directory traversal. The[…]
-
Ruby WEBrick::HTTP::DefaultFileHandler Denial of Service
Ruby Files ≈ Packet Storm Aug 31, 2024 | 17:17 pm
The WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 to 1.8.6-p286, 1.8.7 to 1.8.7-p71, and 1.9 to r18423 allows for a DoS (CPU consumption) via a crafted HTTP request.
-
Ruby on Rails JSON Processor Floating Point Heap Overflow Denial of Service
Ruby Files ≈ Packet Storm Aug 31, 2024 | 17:17 pm
When Ruby attempts to convert a string representation of a large floating point decimal number to its floating point equivalent, a heap-based buffer overflow can be triggered. This Metasploit module has been tested successfully on a Ruby on Rails application[…]
-
Gentoo Linux Security Advisory 202408-24
Ruby Files ≈ Packet Storm Aug 12, 2024 | 14:55 pm
Gentoo Linux Security Advisory 202408-24 - A vulnerability has been discovered in Ruby on Rails, which can lead to remote code execution via serialization of data. Versions greater than or equal to 6.1.6.1:6.1 are affected.
-
Red Hat Security Advisory 2024-4542-03
Ruby Files ≈ Packet Storm Jul 15, 2024 | 20:36 pm
Red Hat Security Advisory 2024-4542-03 - An update for ruby is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include an HTTP response splitting vulnerability.