vpereira

2 exploits Active since Mar 2017
CVE-2009-5147 NOMISEC HIGH WORKING POC
Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 < 648, 2.1 < 2.1.8 - Arbitrary Library Loading via DL::dlopen
DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.
CVSS 7.3
CVE-2015-1855 NOMISEC MEDIUM WORKING POC
Ruby < 2.0.0p645, 2.1.x < 2.1.6, 2.2.x < 2.2.2 - Hostname Validation Bypass in OpenSSL Extension
verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.
CVSS 5.9