| 277911 | 7.8 | HIGH Local | kajam_project | kajam | vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem 1.0.3.rc2 for Ruby places the mysql user password on the (1) mysqldump command line in the capture function and (2) mysql command… | CWE-200 Information Exposure | CVE-2014-4999 | 2024-11-21 11:11 | 2018-01-11 |
| 277912 | 7.8 | HIGH Local | lean-ruport_project | lean-ruport | test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process. | CWE-200 Information Exposure | CVE-2014-4998 | 2024-11-21 11:11 | 2018-01-11 |
| 277913 | 7.8 | HIGH Local | point-cli_project | point-cli | lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process. | CWE-200 Information Exposure | CVE-2014-4997 | 2024-11-21 11:11 | 2018-01-11 |
| 277914 | 5.5 | MEDIUM Local | vladtheenterprising_project | vladtheenterprising | lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}. | CWE-59 Link Following | CVE-2014-4996 | 2024-11-21 11:11 | 2018-01-11 |
| 277915 | 7.0 | HIGH Local | vladtheenterprising_project | vladtheenterprising | Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to obtain sensitive information by reading the MySQL root password from a temporary file before … | CWE-200 Information Exposure, CWE-362 Race Condition | CVE-2014-4995 | 2024-11-21 11:11 | 2018-01-11 |
| 277916 | 5.5 | MEDIUM Local | gyazo_project | gyazo | lib/gyazo/client.rb in the gyazo gem 1.0.0 for Ruby allows local users to write to arbitrary files via a symlink attack on a temporary file, related to time-based filenames. | CWE-20 Improper Input Validation | CVE-2014-4994 | 2024-11-21 11:11 | 2018-01-11 |
| 277917 | 7.8 | HIGH Local | backup_checksum_project backup-agoddard_project | backup_checksum backup-agoddard | (1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2) lib/backup/cli/utility.rb in the backup_checksum gem 3.0.23 for Ruby place credentials on the openssl command line, which allow… | CWE-200 Information Exposure | CVE-2014-4993 | 2024-11-21 11:11 | 2018-01-11 |
| 277918 | 7.8 | HIGH Local | cap-strap_project | cap-strap | lib/cap-strap/helpers.rb in the cap-strap gem 0.1.5 for Ruby places credentials on the useradd command line, which allows local users to obtain sensitive information by listing the process. | CWE-200 Information Exposure | CVE-2014-4992 | 2024-11-21 11:11 | 2018-01-11 |
| 277919 | 7.8 | HIGH Local | codders-dataset_project | codders-dataset | (1) lib/dataset/database/mysql.rb and (2) lib/dataset/database/postgresql.rb in the codders-dataset gem 1.3.2.1 for Ruby place credentials on the mysqldump command line, which allows local users to o… | CWE-200 Information Exposure | CVE-2014-4991 | 2024-11-21 11:11 | 2018-01-11 |
| 277920 | 5.9 | MEDIUM Network | huawei | s9300_firmware s9300e_firmware s7700_firmware s9700_firmware s5700_firmware s6700_firmware s5300_firmware s6300_firmware s2300_firmware s2700_firmware s3300_firmware … | Multiple Huawei Campus switches allow remote attackers to enumerate usernames via vectors involving use of SSH by the maintenance terminal. | CWE-200 Information Exposure | CVE-2014-5394 | 2024-11-21 11:11 | 2018-01-9 |