|
280771
|
7.5 |
HIGH
Network
|
microsemi
|
s350i_firmware
|
Directory traversal vulnerability in the web application in Symmetricom s350i 2.70.15 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash) or (2) ..\ (dot dot forward slash) …
|
CWE-22
Path Traversal
|
CVE-2014-5068
|
2024-11-21 11:11 |
2018-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280772
|
7.8 |
HIGH
Local
|
brbackup_project
|
brbackup
|
lib/brbackup.rb in the brbackup gem 0.1.1 for Ruby places the database password on the mysql command line, which allows local users to obtain sensitive information by listing the process.
|
CWE-200
Information Exposure
|
CVE-2014-5004
|
2024-11-21 11:11 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280773
|
5.5 |
MEDIUM
Local
|
ciborg_project
|
ciborg
|
chef/travis-cookbooks/ci_environment/perlbrew/recipes/default.rb in the ciborg gem 3.0.0 for Ruby allows local users to write to arbitrary files and gain privileges via a symlink attack on /tmp/perlb…
|
CWE-20
Improper Input Validation
|
CVE-2014-5003
|
2024-11-21 11:11 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280774
|
7.8 |
HIGH
Local
|
lynx_project
|
lynx
|
The lynx gem before 1.0.0 for Ruby places the configured password on command lines, which allows local users to obtain sensitive information by listing processes.
|
CWE-255
Credentials Management
|
CVE-2014-5002
|
2024-11-21 11:11 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280775
|
7.8 |
HIGH
Local
|
kcapifony_project
|
kcapifony
|
lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database user passwords on the (1) mysqldump, (2) pg_dump, (3) mysql, and (4) psql command lines, which allows local users to obtain sensit…
|
CWE-200
Information Exposure
|
CVE-2014-5001
|
2024-11-21 11:11 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280776
|
7.8 |
HIGH
Local
|
lawn-login_project
|
lawn-login
|
The login function in lib/lawn.rb in the lawn-login gem 0.0.7 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.
|
CWE-200
Information Exposure
|
CVE-2014-5000
|
2024-11-21 11:11 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280777
|
7.8 |
HIGH
Local
|
kajam_project
|
kajam
|
vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem 1.0.3.rc2 for Ruby places the mysql user password on the (1) mysqldump command line in the capture function and (2) mysql command…
|
CWE-200
Information Exposure
|
CVE-2014-4999
|
2024-11-21 11:11 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280778
|
7.8 |
HIGH
Local
|
lean-ruport_project
|
lean-ruport
|
test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.
|
CWE-200
Information Exposure
|
CVE-2014-4998
|
2024-11-21 11:11 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280779
|
7.8 |
HIGH
Local
|
point-cli_project
|
point-cli
|
lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.
|
CWE-200
Information Exposure
|
CVE-2014-4997
|
2024-11-21 11:11 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280780
|
5.5 |
MEDIUM
Local
|
vladtheenterprising_project
|
vladtheenterprising
|
lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}.
|
CWE-59
Link Following
|
CVE-2014-4996
|
2024-11-21 11:11 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
