Ruby Exploits

6,006 exploits tracked across all sources.

Sort: Activity Stars
CVE-2005-0595 METASPLOIT ruby
BadBlue 2.55 - Remote Code Execution via Long mfcisapicommand Parameter
Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers to execute arbitrary code via a long mfcisapicommand parameter.
CVE-2014-2314 METASPLOIT ruby
Atlassian JIRA <6.0.4 - Path Traversal
Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors.
by Philippe Arteau, juan vazquez
CVE-2008-0871 METASPLOIT ruby
Now SMS/MMS Gateway < 2007.06.27 - Stack-Based Buffer Overflow via HTTP Authorization Header or SMPP Packet
Multiple stack-based buffer overflows in Now SMS/MMS Gateway 2007.06.27 and earlier allow remote attackers to execute arbitrary code via a (1) long password in an Authorization header to the HTTP service or a (2) large packet to the SMPP service.
by MC
CVE-2025-57791 METASPLOIT MEDIUM ruby
Commvault Command-Line Argument Injection to Traversal Remote Code Execution
A security vulnerability has been identified that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation. Successful exploitation results in a valid user session for a low privilege role.
by Sonny Macdonald, Piotr Bazydlo, remmons-r7
CVSS 6.5
CVE-2012-2962 METASPLOIT ruby
Plixer Scrutinizer <9.5.2 - SQL Injection
SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter.
by muts, Devon Kearns, sinn3r
CVE-2015-7766 METASPLOIT ruby
ZOHO ManageEngine OpManager <11.6 - Auth Bypass
PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO."
CVE-2025-59287 METASPLOIT CRITICAL ruby
Windows Server 2012, 2016, 2019, 2022, 2025 - Unauthenticated RCE via Deserialization
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
by mwulftange, msutovsky-r7
CVSS 9.8
CVE-2025-34108 METASPLOIT HIGH ruby
Disk Pulse Enterprise <9.0.34 - Buffer Overflow
A stack-based buffer overflow vulnerability exists in the login functionality of Disk Pulse Enterprise version 9.0.34. An attacker can send a specially crafted HTTP POST request to the /login endpoint with an overly long username parameter, causing a buffer overflow in the libspp.dll component. Successful exploitation allows arbitrary code execution with SYSTEM privileges.
by Chris Higgins, Tulpa Security
CVE-2017-6187 METASPLOIT CRITICAL ruby
DiskSavvy Enterprise 9.4.18 - Remote Code Execution via Long URI in GET Request
Buffer overflow in the built-in web server in DiskSavvy Enterprise 9.4.18 allows remote attackers to execute arbitrary code via a long URI in a GET request.
by vportal, Gabor Seljan
CVSS 9.8
CVE-2011-4166 METASPLOIT ruby
HP Managed Printing Administration <2.6.4 - Path Traversal
Directory traversal vulnerability in the MPAUploader.Uploader.1.UploadFiles method in HP Managed Printing Administration before 2.6.4 allows remote attackers to create arbitrary files via crafted form data.
by Andrea Micalizzi, juan vazquez
CVE-2021-42847 METASPLOIT CRITICAL ruby
ManageEngine ADAudit Plus Authenticated File Write RCE
Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files.
by Moon, Erik Wynter
CVSS 9.8
CVE-2012-2329 METASPLOIT ruby
PHP 5.4.x < 5.4.3 - Buffer Overflow via HTTP Request Header
Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
by Vincent Danen, juan vazquez
CVE-2025-34511 METASPLOIT HIGH ruby
Sitecore XP CVE-2025-34511 Post-Authentication File Upload
Sitecore PowerShell Extensions, an add-on to Sitecore Experience Manager (XM) and Experience Platform (XP), through version 7.0 is vulnerable to an unrestricted file upload issue. A remote, authenticated attacker can upload arbitrary files to the server using crafted HTTP requests, resulting in remote code execution.
by Piotr Bazydlo, msutovsky-r7
CVSS 8.8
CVE-2007-5067 METASPLOIT ruby
iMatix Xitami Web Server 2.5c2 - Remote Code Execution via Long If-Modified-Since Header
Multiple buffer overflows in iMatix Xitami Web Server 2.5c2 allow remote attackers to execute arbitrary code via a long If-Modified-Since header to (1) xigui32.exe or (2) xitami.exe.
CVE-2002-2268 METASPLOIT ruby
Webster HTTP Server - Remote Code Execution via Long URL
Buffer overflow in Webster HTTP Server allows remote attackers to execute arbitrary code via a long URL.
by aushack
CVE-2025-34105 METASPLOIT CRITICAL ruby
DiskBoss Enterprise <8.2.14 - Buffer Overflow
A stack-based buffer overflow vulnerability exists in the built-in web interface of DiskBoss Enterprise versions 7.4.28, 7.5.12, and 8.2.14. The vulnerability arises from improper bounds checking on the path component of HTTP GET requests. By sending a specially crafted long URI, a remote unauthenticated attacker can trigger a buffer overflow, potentially leading to arbitrary code execution with SYSTEM privileges on vulnerable Windows hosts.
by vportal, Ahmad Mahfouz, Gabor Seljan, Jacob Robles
CVE-2023-40504 METASPLOIT CRITICAL ruby
LG Simple Editor Command Injection (CVE-2023-40504)
LG Simple Editor readVideoInfo Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the readVideoInfo method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. . Was ZDI-CAN-19953.
by rgod, Michael Heinzl
CVSS 9.8
CVE-2010-2703 METASPLOIT ruby
HP OpenView Network Node Manager <7.53 - Buffer Overflow
Stack-based buffer overflow in the execvp_nc function in the ov.dll module in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when running on Windows, allows remote attackers to execute arbitrary code via a long HTTP request to webappmon.exe.
CVE-2007-6204 METASPLOIT ruby
HP OpenView Network Node Manager <7.51 - RCE
Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allow remote attackers to execute arbitrary code via unspecified long arguments to (1) ovlogin.exe, (2) OpenView5.exe, (3) snmpviewer.exe, and (4) webappmon.exe, as demonstrated via a long Action parameter to OpenView5.exe.
by MC
CVE-2023-32781 METASPLOIT HIGH ruby
Paessler PRTG Network Monitor < 23.3.86.1520 - Authenticated Command Injection
A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerability is high and received a score of 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS 7.2
CVE-2002-0392 METASPLOIT ruby
Apache HTTP Server 1.3-1.3.24 & 2.0-2.0.36 - DoS & RCE via Chunk-Encoded Request
Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
by hdm, jduck
CVE-2009-3849 METASPLOIT ruby
HP OpenView Network Node Manager 7.01, 7.51, 7.53 - Remote Code Execution via Long Template or Oid Parameter
Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) a long Template parameter to nnmRptConfig.exe, related to the strcat function; or (2) a long Oid parameter to snmp.exe.
by MC
CVE-2020-0618 METASPLOIT HIGH ruby
Microsoft SQL Server Reporting Services - Remote Code Execution via ViewState Deserialization
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.
by Soroush Dalili, Spencer McIntyre
CVSS 8.8
CVE-2010-1960 METASPLOIT ruby
HP OpenView Network Node Manager 7.51 and 7.53 - Remote Code Execution via Long Invalid Option to jovgraph.exe
Buffer overflow in the error handling functionality in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long, invalid option to jovgraph.exe.
by jduck
CVE-2005-2297 METASPLOIT ruby
Sybase EAServer 4.2.5-5.2 - Authenticated Stack-Based Buffer Overflow via TreeAction.do Javascript Parameter
Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5 through 5.2 allows remote authenticated users to execute arbitrary code via a large javascript parameter.
by Unknown
By Source
All 6,006 Writeup 62,507 Exploitdb 50,076 Nomisec 22,463 Github 3,685 Metasploit 3,315 Vulncheck_xdb 930 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,604 ruby 6,006 c 3,632 perl 2,849 html 2,076 php 1,333 bash 462 java 371 c++ 261 javascript 231 shell 133 go 73 postscript 25 typescript 25