Ruby Exploits

5,952 exploits tracked across all sources.

Sort: Activity Stars
CVE-2001-0500 METASPLOIT ruby
Microsoft Index Server < 6.0 - Buffer Overflow
Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.
by MC
CVE-1999-0874 METASPLOIT ruby
Microsoft Internet Information Server - Memory Corruption
Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.
by stinko
CVE-2002-1142 METASPLOIT ruby
Microsoft MDAC <2.7 - Buffer Overflow
Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
CVE-2011-10025 METASPLOIT HIGH ruby
Subtitle Processor 7.7.1 - Buffer Overflow
Subtitle Processor 7.7.1 contains a buffer overflow vulnerability in its .m3u file parser. When a crafted playlist file is opened, the application converts input to Unicode and copies it to a fixed-size stack buffer without proper bounds checking. This allows an attacker to overwrite the Structured Exception Handler (SEH) and execute arbitrary code.
by Brandon Murphy, sinn3r
CVE-2014-4114 METASPLOIT HIGH ruby
MS14-060 Microsoft Windows OLE Package Manager Code Execution
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a "Sandworm" attack in June through October 2014, aka "Windows OLE Remote Code Execution Vulnerability."
by Haifei Li, sinn3r, juan vazquez
CVSS 7.8
CVE-2023-34634 METASPLOIT HIGH ruby
Greenshot <1.2.10 - Code Injection
Greenshot 1.2.10 and below allows arbitrary code execution because .NET content is insecurely deserialized when a .greenshot file is opened.
by p4r4bellum, bwatters-r7
CVSS 7.8
CVE-2010-1240 METASPLOIT ruby
Adobe PDF Embedded EXE Social Engineering
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message.
CVE-2013-1017 METASPLOIT ruby
Apple QuickTime <7.7.4 - RCE
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted dref atoms in a movie file.
by Jason Kratzer, Tom Gallagher, Paul Bates, sinn3r
CVE-2013-7409 METASPLOIT ruby
ALLPlayer <5.8.1 - Buffer Overflow
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file.
by metacom, Mike Czumak, Gabor Seljan
CVE-2012-0897 METASPLOIT ruby
IrfanView PlugIns <4.33 - RCE
Stack-based buffer overflow in the JPEG2000 plugin in IrfanView PlugIns before 4.33 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment.
CVE-2011-1574 METASPLOIT ruby
libmodplug <0.8.8.2 - Buffer Overflow
Stack-based buffer overflow in the ReadS3M method in load_s3m.cpp in libmodplug before 0.8.8.2 allows remote attackers to execute arbitrary code via a crafted S3M file.
by jduck
CVE-2012-10051 METASPLOIT HIGH ruby
Photodex ProShow Producer <5.0.3256 - Buffer Overflow
Photodex ProShow Producer version 5.0.3256 contains a stack-based buffer overflow vulnerability in the handling of plugin load list files. When a specially crafted load file is placed in the installation directory, the application fails to properly validate its contents, leading to a buffer overflow when the file is parsed during startup. Exploitation requires local access to place the file and user interaction to launch the application.
by Julien Ahrens, mr.pr0n, juan vazquez
CVE-2009-3429 METASPLOIT ruby
Pirateradio Destiny Media Player - Memory Corruption
Stack-based buffer overflow in Pirate Radio Destiny Media Player 1.61 allows remote attackers to execute arbitrary code via a long string in a .pls playlist file.
CVE-2005-0308 METASPLOIT ruby
Ursoftware W32dasm - Buffer Overflow
Buffer overflow in the wsprintf function in W32Dasm 8.93 and earlier allows remote attackers to execute arbitrary code via a large import or export function name.
by aushack
CVE-2008-4779 METASPLOIT ruby
Tguzip - Memory Corruption
Stack-based buffer overflow in TUGzip 3.5.0.0 allows remote attackers to denial of service (crash) or execute arbitrary code via a long filename in a .zip file.
by Stefan Marin, Lincoln
CVE-2012-0201 METASPLOIT ruby
IBM Personal Communications - Memory Corruption
Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM Personal Communications 5.9.x before 5.9.8 and 6.0.x before 6.0.4 might allow remote attackers to execute arbitrary code via a long profile string in a WorkStation (aka .ws) file.
CVE-2010-0688 METASPLOIT ruby
Orbital Viewer 1.04 - Buffer Overflow
Stack-based buffer overflow in Orbital Viewer 1.04 allows user-assisted remote attackers to execute arbitrary code via a crafted (1) .orb or (2) .ov file.
by jduck
CVE-2007-5659 METASPLOIT HIGH ruby
Adobe Acrobat < 8.1.2 - Buffer Overflow
Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655.
by MC
CVSS 7.8
CVE-2012-0013 METASPLOIT ruby
MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability
Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."
by Yorick Koster, sinn3r
CVE-2006-6251 METASPLOIT ruby
Vuplayer < 2.44 - Buffer Overflow
Stack-based buffer overflow in VUPlayer 2.44 and earlier allows remote attackers to execute arbitrary code via a long string in an M3U file, aka an "M3U UNC Name" attack.
by MC
CVE-2017-0199 METASPLOIT HIGH ruby
Microsoft Office Word Malicious Hta Execution
Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."
by Haifei Li, ryHanson, wdormann, DidierStevens, vysec, Nixawk, sinn3r
CVSS 7.8
CVE-2013-3346 METASPLOIT CRITICAL ruby
Adobe Acrobat < 9.5.5 - Out-of-Bounds Write
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.
by Soroush Dalili, Unknown, sinn3r, juan vazquez
CVSS 9.8
CVE-2009-4656 METASPLOIT ruby
E-Soft DJ Studio Pro <5.1.4.3.1 - Buffer Overflow
Stack-based buffer overflow in E-Soft DJ Studio Pro 4.2 including 4.2.2.7.5, and 5.x including 5.1.4.3.1, allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a playlist file (.pls) containing a long string. NOTE: some of these details are obtained from third party information.
by Sebastien Duquette
CVE-2014-4114 METASPLOIT HIGH ruby
MS14-060 Microsoft Windows OLE Package Manager Code Execution
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a "Sandworm" attack in June through October 2014, aka "Windows OLE Remote Code Execution Vulnerability."
by Unknown, sinn3r, juan vazquez
CVSS 7.8
CVE-2009-1028 METASPLOIT ruby
Edisys Ezip Wizard - Memory Corruption
Stack-based buffer overflow in ediSys eZip Wizard 3.0 allows remote attackers to execute arbitrary code via a crafted .zip file.
by fl0 fl0w, jduck, Lincoln
By Source
All 5,952 Exploitdb 50,130 Writeup 46,871 Nomisec 21,233 Metasploit 3,221 Github 2,353 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,346 ruby 5,952 python 5,785 c 3,564 perl 2,854 html 2,055 php 1,334 bash 459 java 360 javascript 260 c++ 247 shell 78 go 45 postscript 25 xml 24