This write up provides a proof of concept with technical details for the git submodule arbitrary code execution vulnerability.
e19e46c66ca213278e2e5071ab8ca2967a9ee4af6d8e8a3c08f2175f8fa16633
The git subcommand cvsserver is a Perl script which makes excessive use of the backtick operator to invoke git. Unfortunately user input is used within some of those invocations and it allows for OS command injection. Versions before before 2.14.2, 2.13.6, 2.12.5, 2.11.4 and 2.10.5 are affected.
2de6037444f7b5a4cba7811fd7636e3e1a89d1b61face8188b179e5a4d83797b
This Metasploit module exploits the Web UI for Metasploit Community, Express and Pro where one of a certain set of Weekly Releases have been applied. These Weekly Releases introduced a static secret_key_base value. Knowledge of the static secret_key_base value allows for deserialization of a crafted Ruby Object, achieving code execution. This Metasploit module is based on exploits/multi/http/rails_secret_deserialization.
0aed762884874a2a56109540ad0db42b6eefad643e2cf8d5c9179b0f1d8783a6
jruby-sandbox aims to allow safe execution of user given Ruby code within a JRuby [0] runtime. However via import of Java classes it is possible to circumvent those protections and execute arbitrary code outside the sandboxed environment. Versions 0.2.2 and below are affected.
95989cd8d69be3950435d2b8b421d281337ab209a2bdeb9f0d15a7d1b1f1dd76
Github suffered from a remote command execution vulnerability via variable injection.
9f7a407ba51e7296ee3742308b11d9a6e7b6f2bcb28af5feb69321525261aeef
Open-Xchange AppSuite version 7.4.1 fails to properly neutralize javascript inserted at the header of an SVG image file.
902503927eb1161ffb0b2ded9523ac54b5ca2dc0ca6eb132a17f1234f1998415
Fat Free CRM suffers from cross site request forgery, known session secret, and remote SQL injection vulnerabilities.
e36735d125c4d5e421f622b4448eb7831f1aded7c14c184b6ede1eee0bf01c06
sup versions prior to 0.14.1.1 and prior to 0.13.2.1 suffer from an arbitrary command execution vulnerability via a forged content type of an email attachment.
7f25065280e73ca0e7c1a1f6429061cd9ee6353dfc98cf483575c0a5d76a0da5
This Metasploit module implements remote command execution on Ruby on Rails applications. Prerequisite is knowledge of the "secret_token" (Rails 2/3) or "secret_key_base" (Rails 4). The values for those can be usually found in the file "RAILS_ROOT/config/initializers/secret_token.rb". The module achieves RCE by deserialization of a crafted Ruby Object.
11be9f012016644efb3d2156025a67454ab17fda375b0d1a9de05a368b0ca5e5
sudo versions 1.8.0 through 1.8.3p1 suffer from a format string vulnerability that allows for privilege escalation.
81fb04538af951a21c660e19f143b2d360f83aa70ff21c86befc1fc8af952094
Gitorious versions prior to 2.1.1 suffer from a remote command execution vulnerability.
6eaad22fe33effe3e4d1a3e355ffa9f4cb239465e6efdd17446f0304e8263e07
This Metasploit module exploits an arbitrary command execution vulnerability in the in gitorious. Unvalidated input is send to the shell allowing command execution.
023996dd7d2c62a5dab4704f9115739776acd6d35999b55954dfb79301ee71fe
This Metasploit module exploits an arbitrary command execution vulnerability in the Spreecommerce search. Unvalidated input is called via the Ruby send method allowing command execution.
d3108b6b1413b6aeeeff914cbc18a85d9770bf726d64b72125ff0d155c918d7a
This Metasploit module exploits an arbitrary command execution vulnerability in the Spreecommerce API searchlogic. Unvalidated input is called via the Ruby send method allowing command execution.
5f324564c756ec1163ada3b1c576328ce33a96570f58fa83e43acb3bf9d56e4e
This Metasploit module exploits remote code execution vulnerabilities in dRuby.
a681602f532ac58f4f6a9e537c9a81e6dec64369d00b6b75f0ed0815a4eb1b33
This Metasploit module exploits remote syscalls in DRuby.
a802a00709712a959585c5ee44f6a3601a7d2f74fae2b7984b61b541d1f3a35f
This Metasploit module exploits an arbitrary command execution vulnerability in the Redmine repository controller. The flaw is triggered when a rev parameter is passed to the command line of the SCM tool without adequate filtering.
b07063132a30d982b8374ebb512a724b5c8499987169c5fc9e3ffb5ff0057e46