3 matches found
CVE-2014-1834
The performrequest function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to inject arbitrary code by adding a semi-colon in their username or password...
CVE-2014-1834
The CVE-2014-1834 entry concerns the echor 0.1.6 Ruby Gem (backplane.rb) where the perform_request function allows local users to inject arbitrary commands by inserting a semicolon into their username or password. The root cause is insufficient input handling for user-supplied credentials, enabli...
CVE-2014-1834
The performrequest function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to inject arbitrary code by adding a semi-colon in their username or password...