EUVD-2022-4274

Malicious code in bioql PyPI...

GHSA-8936-CGJ4-PHR2 Echor contains Command Injection

The performrequest function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to inject arbitrary code by adding a semi-colon in their username or password...

Denial of service

The performrequest function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table...

Default credentials

The performrequest function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to inject arbitrary code by adding a semi-colon in their username or password...

CVE-2014-1834

The performrequest function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to inject arbitrary code by adding a semi-colon in their username or password...

CVE-2014-1835

The performrequest function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table...

echor Gem for Ruby backplane.rb perform_request Function Arbitrary Command Execution

Echor Gem for Ruby contains a flaw in backplane.rb in the performrequest function that is triggered when a semi-colon ; is injected into a username or password. This may allow a context-dependent attacker to inject arbitrary commands if the gem is used in a rails application...