4 matches found
EUVD-2022-2415
Malicious code in bioql PyPI...
kajam allows local users to obtain sensitive information by listing the process
vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem 1.0.3.rc2 for Ruby places the mysql user password on the (1) mysqldump command line in the capture function and (2) mysql command line in the restore function, which allows local users to obtain sensitive information by listing the...
CVE-2014-4999
CVE-2014-4999 affects the Kajam Ruby gem (1.0.3.rc2). The issue arises in vendor/plugins/dataset/lib/dataset/database/mysql.rb where the mysql user password is exposed on the command lines used by mysqldump (capture) and mysql (restore), enabling a local attacker to view the password by listing p...