4 matches found
CVE-2014-2888
lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the module name in a JSON request...
CVE-2014-2888
lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the module name in a JSON request...
CVE-2014-2888
The sfpagent Ruby gem (version prior to 0.4.15) is affected by CVE-2014-2888: a remote command-injection flaw where a JSON request’s module name can include shell metacharacters, allowing an attacker to execute arbitrary commands on the target. Descriptions across NVD, GHSA, RubySec, and related ...
Ruby Gem sfpagent 0.4.14 Command Injection
Title: Remote Command Injection in Ruby Gem sfpagent 0.4.14 Date: 4/15/2014 Author: Larry W. Cashdollar, @larry0 CVE: 2014-2888 Download: http://rubygems.org/gems/sfpagent Vulnerability The list variable generated from the user supplied JSONbody input is passed directly to the system shell on lin...