CVE-2016-0752

Published: 16/02/2016 Updated: 08/08/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 507
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Directory traversal vulnerability in Action View in Ruby on Rails prior to 3.2.22.1, 4.0.x and 4.1.x prior to 4.1.14.1, 4.2.x prior to 4.2.5.1, and 5.x prior to 5.0.0.beta1.1 allows remote malicious users to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.

Vulnerable Products

rubyonrails rails 4.2.3

rubyonrails rails 4.1.10

rubyonrails rails 4.1.9

rubyonrails rails 4.1.3

rubyonrails rails 4.1.2

rubyonrails rails 4.0.8

rubyonrails rails 4.0.7

rubyonrails rails 4.0.3

rubyonrails rails 4.0.2

rubyonrails rails 4.0.0

rubyonrails rails 4.2.5

rubyonrails rails 4.2.0

rubyonrails rails 4.1.14

rubyonrails rails 4.1.8

rubyonrails rails 4.1.7

rubyonrails rails 4.1.1

rubyonrails rails 4.1.0

rubyonrails rails 4.0.6

rubyonrails rails 4.0.1

rubyonrails rails 5.0.0

rubyonrails rails 4.2.2

rubyonrails rails 4.2.1

rubyonrails ruby on rails 4.1.11

rubyonrails rails 4.0.10

rubyonrails ruby on rails

rubyonrails rails 4.2.4

rubyonrails rails 4.1.13

rubyonrails rails 4.1.12

rubyonrails rails 4.1.6

rubyonrails rails 4.1.5

rubyonrails rails 4.1.4

rubyonrails rails 4.0.9

rubyonrails rails 4.0.5

rubyonrails rails 4.0.4

Vendor Advisories

Debian Bug report logs - #790486 rails: CVE-2015-3226: XSS in ActiveSupport::JSON.encode. Package: src:rails; Maintainer for src:rails is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 29 Jun 2015 18:36:01 UTC Sever ...
Debian Bug report logs - #790487 rails: CVE-2015-3227: Possible Denial of Service attack in Active Support. Package: src:rails; Maintainer for src:rails is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 29 Jun 2015 1 ...
Two vulnerabilities have been discovered in Rails, a web application framework written in Ruby. Both vulnerabilities affect Action Pack, which handles the web requests for Rails. CVE-2016-2097: Crafted requests to Action View, one of the components of Action Pack, might result in rendering files from arbitrary locations, including files ...
Multiple security issues have been discovered in the Ruby on Rails web application development framework, which may result in denial of service, cross-site scripting, information disclosure or bypass of input validation. For the stable distribution (jessie), these problems have been fixed in version 2:4.1.8-1+deb8u1. For the unstable distribution ( ...
A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this flaw to render unexpected files and, possibly, execute arbitrary code ...

Exploits

require 'msf/core'
class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking
  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::Remote::HttpServer
  include Msf::Exploit::EXE
  include Msf::Exploit::FileDropper
  def initialize(info = {})
    super(update_info(info,
      'Name' => 'Ruby on Rails Dyn ...
This Metasploit module exploits a remote code execution vulnerability in the explicit render method when leveraging user parameters. This Metasploit module has been tested across multiple versions of Ruby on Rails. The technique used by this module requires the specified endpoint to be using dynamic render paths. Also, the vulnerable target will ne ...

Github Repositories

Repository for information security projects from CFT - SHIFT, summer 2019

SHIFT AppSec 2019. Technology stack: Python3 + Flask (uwsgi-nginx-flask-docker), Docker, Git, Firefox, Burp Suite, some Python dependencies. How we work. Steps: Register on github.com if you do not have an account. The team captain forks the repository to their own account (to

Exploiting CVE-2016-0752. This app serves as a vulnerable Proof of Concept for exploiting CVE-2016-0752. For more information refer to this blog post, which explains the vulnerability, the steps required to exploit, the fix, and a link to a metasploit module. Getting Started: echo "" > log/development.log # Clear out the log file; rvm use 2.2.3; bundle; rails s

POC for CVE 2016-0752

Rails-Dynamic-Render-vuln. POC for CVE 2016-0752. Script Usage Example: python RailsExploit-CVE-2016-0752.py server_ip:port/vulnerable_path

Template-injection. Be on the lookout for the use of AngularJS and test out fields using the Angular syntax {{ }}. To make your life easier, get the Firefox plugin Wappalyzer - it will show you what software a site is using, including the use of AngularJS. Template injection vulnerabilities can sometimes lead to remote code execution. ############# the presentation logic, which

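Backup of Drops.Wooyun articles that are no longer available via SecNews

README. This project only backs up the Drops (WooYun knowledge base) articles on Sec-News that are no longer available; it is not a backup of the whole Drops site. The article list is as follows: drops_arti_list = [ "SQL注入速查表(上)", "WMI Attacks", "攻击洋葱路由(Tor)匿名服务的一些综述", "SQL注入速查表(下)与Oracle注入速查表", "Hacking ipcam like Harold in P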