|
277741
|
7.8 |
HIGH
Local
|
kcapifony_project
|
kcapifony
|
lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database user passwords on the (1) mysqldump, (2) pg_dump, (3) mysql, and (4) psql command lines, which allows local users to obtain sensit…
|
CWE-200
Information Exposure
|
CVE-2014-5001
|
2024-11-21 11:11 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277742
|
7.8 |
HIGH
Local
|
lawn-login_project
|
lawn-login
|
The login function in lib/lawn.rb in the lawn-login gem 0.0.7 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.
|
CWE-200
Information Exposure
|
CVE-2014-5000
|
2024-11-21 11:11 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277743
|
7.8 |
HIGH
Local
|
kajam_project
|
kajam
|
vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem 1.0.3.rc2 for Ruby places the mysql user password on the (1) mysqldump command line in the capture function and (2) mysql command…
|
CWE-200
Information Exposure
|
CVE-2014-4999
|
2024-11-21 11:11 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277744
|
7.8 |
HIGH
Local
|
lean-ruport_project
|
lean-ruport
|
test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.
|
CWE-200
Information Exposure
|
CVE-2014-4998
|
2024-11-21 11:11 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277745
|
7.8 |
HIGH
Local
|
point-cli_project
|
point-cli
|
lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.
|
CWE-200
Information Exposure
|
CVE-2014-4997
|
2024-11-21 11:11 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277746
|
5.5 |
MEDIUM
Local
|
vladtheenterprising_project
|
vladtheenterprising
|
lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}.
|
CWE-59
Link Following
|
CVE-2014-4996
|
2024-11-21 11:11 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277747
|
7.0 |
HIGH
Local
|
vladtheenterprising_project
|
vladtheenterprising
|
Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to obtain sensitive information by reading the MySQL root password from a temporary file before …
|
CWE-200
CWE-362
Information Exposure
Race Condition
|
CVE-2014-4995
|
2024-11-21 11:11 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277748
|
5.5 |
MEDIUM
Local
|
gyazo_project
|
gyazo
|
lib/gyazo/client.rb in the gyazo gem 1.0.0 for Ruby allows local users to write to arbitrary files via a symlink attack on a temporary file, related to time-based filenames.
|
CWE-20
Improper Input Validation
|
CVE-2014-4994
|
2024-11-21 11:11 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277749
|
7.8 |
HIGH
Local
|
backup_checksum_project
backup-agoddard_project
|
backup_checksum
backup-agoddard
|
(1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2) lib/backup/cli/utility.rb in the backup_checksum gem 3.0.23 for Ruby place credentials on the openssl command line, which allow…
|
CWE-200
Information Exposure
|
CVE-2014-4993
|
2024-11-21 11:11 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277750
|
7.8 |
HIGH
Local
|
cap-strap_project
|
cap-strap
|
lib/cap-strap/helpers.rb in the cap-strap gem 0.1.5 for Ruby places credentials on the useradd command line, which allows local users to obtain sensitive information by listing the process.
|
CWE-200
Information Exposure
|
CVE-2014-4992
|
2024-11-21 11:11 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
