CVE-2014-5000
The login function in lib/lawn.rb in the lawn-login gem 0.0.7 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.
Source: CVE-2014-5000
[월:] 2018년 01월
CVE-2014-5003
CVE-2014-5003
chef/travis-cookbooks/ci_environment/perlbrew/recipes/default.rb in the ciborg gem 3.0.0 for Ruby allows local users to write to arbitrary files and gain privileges via a symlink attack on /tmp/perlbrew-installer.
Source: CVE-2014-5003
CVE-2014-5002
CVE-2014-5002
The lynx gem 0.2.0 for Ruby places the configured password on command lines, which allows local users to obtain sensitive information by listing processes.
Source: CVE-2014-5002
CVE-2014-5004
CVE-2014-5004
lib/brbackup.rb in the brbackup gem 0.1.1 for Ruby places the database password on the mysql command line, which allows local users to obtain sensitive information by listing the process.
Source: CVE-2014-5004
CVE-2017-15663
CVE-2017-15663
In Flexense Disk Pulse Enterprise v10.1.18, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9120.
Source: CVE-2017-15663
CVE-2014-4997
CVE-2014-4997
lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.
Source: CVE-2014-4997
CVE-2014-4999
CVE-2014-4999
vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem 1.0.3.rc2 for Ruby places the mysql user password on the (1) mysqldump command line in the capture function and (2) mysql command line in the restore function, which allows local users to obtain sensitive information by listing the process.
Source: CVE-2014-4999
CVE-2014-4992
CVE-2014-4992
lib/cap-strap/helpers.rb in the cap-strap gem 0.1.5 for Ruby places credentials on the useradd command line, which allows local users to obtain sensitive information by listing the process.
Source: CVE-2014-4992
CVE-2014-4993
CVE-2014-4993
(1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2) lib/backup/cli/utility.rb in the backup_checksum gem 3.0.23 for Ruby place credentials on the openssl command line, which allows local users to obtain sensitive information by listing the process.
Source: CVE-2014-4993
CVE-2017-16514
CVE-2017-16514
Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities in the files /wb/admin/admintools/tool.php (Droplet Description) and /install/index.php (Site Title) in WebsiteBaker 2.10.0 allow attackers to insert persistent JavaScript code that gets reflected back to users in multiple areas in the application.
Source: CVE-2017-16514