Ben Murphy

4 exploits Active since Jun 2015
CVE-2015-3224 NOMISEC WORKING POC
rubyonrails/web_console < 2.1.2 and rubygems/web-console < 2.1.3 - Improper Access Control via X-Forwarded-For Header
request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request.
2 stars
CVE-2015-4335 WRITEUP WRITEUP
Redis < 2.8.21 and 3.x < 3.0.2 - Remote Code Execution via Lua Bytecode in EVAL Command
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.
CVE-2015-3224 METASPLOIT ruby WORKING POC
rubyonrails/web_console < 2.1.2 and rubygems/web-console < 2.1.3 - Improper Access Control via X-Forwarded-For Header
request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request.
CVE-2015-3224 EXPLOITDB ruby WORKING POC
rubyonrails/web_console < 2.1.2 and rubygems/web-console < 2.1.3 - Improper Access Control via X-Forwarded-For Header
request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request.