2 matches found
CVE-2014-1834
The CVE-2014-1834 entry concerns the echor 0.1.6 Ruby Gem (backplane.rb) where the perform_request function allows local users to inject arbitrary commands by inserting a semicolon into their username or password. The root cause is insufficient input handling for user-supplied credentials, enabli...
CVE-2014-1835
CVE-2014-1835 affects the echor Ruby Gem (version 0.1.6) with a vulnerable perform_request implementation in /lib/echor/backplane.rb. This local-information-disclosure flaw allows an unprivileged local user to monitor the process table and obtain plaintext login credentials. The CVSS data in the ...