CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-5001

lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database user passwords on the (1) mysqldump, (2) pg_dump, (3) mysql, and (4) psql command lines, which allows local users to obtain sensitive information by listing the processes.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 16.8%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 2.1

References

http://www.openwall.com/lists/oss-security/2014/07/07/21
http://www.openwall.com/lists/oss-security/2014/07/17/5
http://www.vapid.dhs.org/advisories/kcapifony-2.1.6.html
http://www.openwall.com/lists/oss-security/2014/07/07/21
http://www.openwall.com/lists/oss-security/2014/07/17/5
http://www.vapid.dhs.org/advisories/kcapifony-2.1.6.html

Products affected by CVE-2014-5001

Kcapifony Project » Kcapifony » Version: 2.1.6

cpe:2.3:a:kcapifony_project:kcapifony:2.1.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-5001

Products

Pricing

Contact Us