|
279041
|
7.8 |
HIGH
Local
|
point-cli_project
|
point-cli
|
lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.
|
CWE-200
Information Exposure
|
CVE-2014-4997
|
2024-11-21 11:11 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279042
|
5.5 |
MEDIUM
Local
|
vladtheenterprising_project
|
vladtheenterprising
|
lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}.
|
CWE-59
Link Following
|
CVE-2014-4996
|
2024-11-21 11:11 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279043
|
7.0 |
HIGH
Local
|
vladtheenterprising_project
|
vladtheenterprising
|
Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to obtain sensitive information by reading the MySQL root password from a temporary file before …
|
CWE-200
CWE-362
Information Exposure
Race Condition
|
CVE-2014-4995
|
2024-11-21 11:11 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279044
|
5.5 |
MEDIUM
Local
|
gyazo_project
|
gyazo
|
lib/gyazo/client.rb in the gyazo gem 1.0.0 for Ruby allows local users to write to arbitrary files via a symlink attack on a temporary file, related to time-based filenames.
|
CWE-20
Improper Input Validation
|
CVE-2014-4994
|
2024-11-21 11:11 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279045
|
7.8 |
HIGH
Local
|
backup_checksum_project
backup-agoddard_project
|
backup_checksum
backup-agoddard
|
(1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2) lib/backup/cli/utility.rb in the backup_checksum gem 3.0.23 for Ruby place credentials on the openssl command line, which allow…
|
CWE-200
Information Exposure
|
CVE-2014-4993
|
2024-11-21 11:11 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279046
|
7.8 |
HIGH
Local
|
cap-strap_project
|
cap-strap
|
lib/cap-strap/helpers.rb in the cap-strap gem 0.1.5 for Ruby places credentials on the useradd command line, which allows local users to obtain sensitive information by listing the process.
|
CWE-200
Information Exposure
|
CVE-2014-4992
|
2024-11-21 11:11 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279047
|
7.8 |
HIGH
Local
|
codders-dataset_project
|
codders-dataset
|
(1) lib/dataset/database/mysql.rb and (2) lib/dataset/database/postgresql.rb in the codders-dataset gem 1.3.2.1 for Ruby place credentials on the mysqldump command line, which allows local users to o…
|
CWE-200
Information Exposure
|
CVE-2014-4991
|
2024-11-21 11:11 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279048
|
5.9 |
MEDIUM
Network
|
huawei
|
s9300_firmware
s9300e_firmware
s7700_firmware
s9700_firmware
s5700_firmware
s6700_firmware
s5300_firmware
s6300_firmware
s2300_firmware
s2700_firmware
s3300_firmware
…
|
Multiple Huawei Campus switches allow remote attackers to enumerate usernames via vectors involving use of SSH by the maintenance terminal.
|
CWE-200
Information Exposure
|
CVE-2014-5394
|
2024-11-21 11:11 |
2018-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279049
|
9.8 |
CRITICAL
Network
|
freenas
|
freenas
|
FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login.
|
CWE-254
7PK - Security Features
|
CVE-2014-5334
|
2024-11-21 11:11 |
2018-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279050
|
9.8 |
CRITICAL
Network
|
microsemi
|
s350i_firmware
|
SQL injection vulnerability in the checkPassword function in Symmetricom s350i 2.70.15 allows remote attackers to execute arbitrary SQL commands via vectors involving a username.
|
CWE-89
SQL Injection
|
CVE-2014-5071
|
2024-11-21 11:11 |
2018-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
