Vulnerabilities > CVE-2014-2888 - Unspecified vulnerability in Herry Sfpagent
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the module name in a JSON request.
Vulnerable Configurations
Packetstorm
| data source | https://packetstormsecurity.com/files/download/126223/rubysfpagent-exec.txt |
| id | PACKETSTORM:126223 |
| last seen | 2016-12-05 |
| published | 2014-04-18 |
| reporter | Larry W. Cashdollar |
| source | https://packetstormsecurity.com/files/126223/Ruby-Gem-sfpagent-0.4.14-Command-Injection.html |
| title | Ruby Gem sfpagent 0.4.14 Command Injection |
References
- http://seclists.org/fulldisclosure/2014/Apr/243
- http://seclists.org/fulldisclosure/2014/Apr/243
- http://www.openwall.com/lists/oss-security/2014/04/16/1
- http://www.openwall.com/lists/oss-security/2014/04/16/1
- http://www.openwall.com/lists/oss-security/2014/04/18/4
- http://www.openwall.com/lists/oss-security/2014/04/18/4
- http://www.vapid.dhs.org/advisories/spfagent-remotecmd.html
- http://www.vapid.dhs.org/advisories/spfagent-remotecmd.html