Ruby - HackerOne Reports
Total Reports: 72
Critical: 1
High: 10
Medium: 20
Low: 10
Provide a security sistem most fit to our team
Reported by:
sam1166
|
Disclosed:
High
RDoc::MethodAttr is vulnerable to Regular Expression Denial of Service (ReDoS)
Reported by:
sighook
|
Disclosed:
Low
Weakness: Uncontrolled Resource Consumption
Parsing invalid unicode codepoints using json c extension (2.0.1+) triggers a segfault
Reported by:
dgollahon
|
Disclosed:
Weakness: Memory Corruption - Generic
Ruby OpenSSL Library - IV Reuse in GCM Mode
Reported by:
offftherecord
|
Disclosed:
Bounty: $500.00
Arbitrary heap exposure in JSON.generate
Reported by:
ahmadsherif
|
Disclosed:
Weakness: Memory Corruption - Generic
XSS exploit of RDoc documentation generated by rdoc (CVE-2013-0256)
Reported by:
sighook
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Stored
Net::SMTP with tls allows forged certificates as long as the hostname matches
Reported by:
hanno
|
Disclosed:
Medium
Weakness: Improper Certificate Validation
imap: StartTLS stripping attack (CVE-2016-0772).
Reported by:
sighook
|
Disclosed:
Medium
Weakness: Cryptographic Issues - Generic
Bounty: $500.00
CVEs:
CVE-2016-0772
XSS in HTML generated by RDoc
Reported by:
ooooooo_q
|
Disclosed:
Weakness: Cross-site Scripting (XSS) - Stored
RCE by parsing `.rdoc_options` in RDoc
Reported by:
ooooooo_q
|
Disclosed:
Weakness: Code Injection
XMLRPC does not limit deserializable classes.
Reported by:
ooooooo_q
|
Disclosed:
High
Weakness: Deserialization of Untrusted Data
DoS in bigdecimal's sqrt function due to miscalculation of loop iterations
Reported by:
z2_
|
Disclosed:
Medium
Weakness: Uncontrolled Resource Consumption
OS Command Injection in 'rdoc' documentation generator
Reported by:
sighook
|
Disclosed:
Medium
Weakness: OS Command Injection
Bounty: $500.00
Response splitting vulnerability in WEBrick
Reported by:
tenderlove
|
Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Generic
Source code disclosed via S3 Bucket
Reported by:
thevillagehack3r
|
Disclosed:
High
Weakness: Information Exposure Through Directory Listing
NET::Ftp allows command injection in filenames
Reported by:
staaldraad
|
Disclosed:
Low
Weakness: Command Injection - Generic
OS Command Injection via egrep in Rake::FileList
Reported by:
kyoshida
|
Disclosed:
Weakness: OS Command Injection
Integer Underflow @ ossl_cipher_pkcs5_keyivgen
Reported by:
finb
|
Disclosed:
Weakness: Integer Underflow
Buffer underflow in sprintf
Reported by:
haquaman
|
Disclosed:
Weakness: Memory Corruption - Generic
Bounty: $500.00
Bugs
Reported by:
survivedabuse
|
Disclosed:
High