RSS   Vulnerabilities for 'Echor'   RSS

2018-02-02
 
CVE-2014-1835

CWE-255
 

 
The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table.

 
 
CVE-2014-1834

CWE-77
 

 
The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to inject arbitrary code by adding a semi-colon in their username or password.

 


Copyright 2024, cxsecurity.com

 

Back to Top