RSS   Vulnerabilities for 'Vladtheenterprising'   RSS

2018-01-10
 
CVE-2014-4996

CWE-59
 

 
lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}.

 
 
CVE-2014-4995

CWE-362
 

 
Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to obtain sensitive information by reading the MySQL root password from a temporary file before it is removed.

 


Copyright 2019, cxsecurity.com

 

Back to Top