| Title | Weakness | Reporter | Severity | Date |
| --- | --- | --- | --- | --- |
| OS Command Injection in '/lib/un.rb -- Utilities to replace common UNIX commands in Makefiles etc' | OS Command Injection | chinarulezzz | Medium | 2021-07-19 |
| OS Command Injection in 'rdoc' documentation generator | OS Command Injection | chinarulezzz | Medium | 2021-07-13 |
| imap: StartTLS stripping attack (CVE-2016-0772). | Cryptographic Issues - Generic | chinarulezzz | Medium | 2021-07-08 |
| lib/net/ftp.rb: trusting PASV responses allow client abuse | Information Disclosure | chinarulezzz | Low | 2021-07-08 |
| Path traversal in Tempfile on windows OS due to unsanitized backslashes | Path Traversal | bugdiscloseguys | Medium | 2021-04-07 |
| Potential HTTP Request Smuggling in ruby webrick | HTTP Request Smuggling | piao | Low | 2020-10-29 |
| Variant of CVE-2013-0269 (Denial of Service and Unsafe Object Creation Vulnerability in JSON) | Business Logic Errors | jeremyevans | Medium | 2020-04-23 |
| OS Command Injection via egrep in Rake::FileList | OS Command Injection | kyoshida | No rating | 2019-08-29 |
| OpenSSL::X509::Name Equality Check Does Not Work, Patch included | Improper Certificate Validation | tylereckstein | Medium | 2018-10-19 |
| SEGV in parse_rat() | Denial of Service | etsukata | No rating | 2018-06-13 |
| Invalid URL parsing '#' | None supplied | mrtc0 | None | 2018-05-01 |
| Response splitting vulnerability in WEBrick | Cross-site Scripting (XSS) - Generic | tenderlove | Low | 2018-04-29 |
| Unintentional file creation caused at Tempfile with directory traversal | Improper Access Control - Generic | ooooooo_q | No rating | 2018-04-01 |
| The possibility that unintended file operation may be performed because some methods of `Dir` do not check NULL characters. | Improper Access Control - Generic | ooooooo_q | No rating | 2018-04-01 |
| Unix domain socket and a path containing a null character | Improper Access Control - Generic | ooooooo_q | No rating | 2018-03-31 |
| controlled buffer under-read in pack_unpack_internal() | Buffer Under-read | aerodudrizzt | Medium | 2018-03-30 |
| Resolv::getaddresses bug that can be abused to bypass security measures. | Violation of Secure Design Principles | edoverflow | No rating | 2018-02-23 |
| Integer Underflow @ ossl_cipher_pkcs5_keyivgen | Integer Underflow | finb | None | 2018-02-23 |
| NET::Ftp allows command injection in filenames | Command Injection - Generic | staaldraad | Low | 2017-12-19 |
| Provide a security system most fit to our team | None supplied | sam1166 | High | 2017-12-15 |
| Take back my all data from [email protected] | None supplied | sam1166 | High | 2017-12-15 |
| Bugs | None supplied | survivedabuse | High | 2017-12-15 |
| Ruby 2.3.x and 2.2.x still bundle DoS vulnerable version of libYAML | Memory Corruption - Generic | usa | Medium | 2017-10-25 |
| Parsing invalid unicode codepoints using json c extension (2.0.1+) triggers a segfault | Memory Corruption - Generic | dgollahon | None | 2017-10-25 |
| Arbitrary heap exposure in JSON.generate | Memory Corruption - Generic | ahmadsherif | No rating | 2017-09-25 |
| Ruby 2.4.1 has "Stack consistency error" and aborts when processing return statement within a case statement | Memory Corruption - Generic | haquaman | No rating | 2017-09-24 |
| sprintf combined format string attack | Memory Corruption - Generic | aerodudrizzt | Medium | 2017-09-22 |
| Escape sequence injection vulnerability in WEBrick BasicAuth | Command Injection - Generic | mame | Medium | 2017-09-15 |
| Open aws s3 bucket s3://rubyci | Information Disclosure | sandeep_hodkasia | Critical | 2017-08-07 |
| RCE (Remote Code Execution) Vulnerability on Ruby | Remote File Inclusion | cloudyvirus | Medium | 2017-04-05 |
| Open S3 Bucket WriteAble To Any Aws User | Improper Authentication - Generic | injector404 | High | 2017-03-30 |
| public report - Reproducible - Writable RubyCi Amazon s3 bucket[207053] | Improper Authentication - Generic | koti2 | No rating | 2017-03-29 |
| Buffer underflow in sprintf | Memory Corruption - Generic | haquaman | No rating | 2017-03-05 |
| Ruby:HTTP Header injection in 'net/http' | Open Redirect | rootredrain | No rating | 2017-02-27 |
| Writable RubyCi Amazon s3 bucket | Improper Authentication - Generic | dataalchemist | High | 2017-02-27 |
| Arbitrary heap overread in strscan on 32 bit Ruby, patch included | Information Disclosure | guido | Low | 2016-11-17 |
| SMTP command injection | Command Injection - Generic | jeremy | No rating | 2016-06-30 |
| Heap corruption in string.c tr_trans() due to undersized buffer | Memory Corruption - Generic | guido | No rating | 2016-06-21 |
| Heap corruption in DateTime.strftime() on 32 bit for certain format strings | Memory Corruption - Generic | guido | No rating | 2016-06-21 |
| StringIO strio_getline() can divulge arbitrary memory | Memory Corruption - Generic | guido | No rating | 2016-06-21 |
| Ruby: Heap Overflow in Floating Point Parsing | None supplied | charliesome | No rating | 2013-11-22 |