RSS   Vulnerabilities for 'Kcapifony'   RSS

2018-01-10
 
CVE-2014-5001

CWE-200
 

 
lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database user passwords on the (1) mysqldump, (2) pg_dump, (3) mysql, and (4) psql command lines, which allows local users to obtain sensitive information by listing the processes.

 


Copyright 2019, cxsecurity.com

 

Back to Top