Vulnerabilities > Vladtheenterprising Project

DATE CVE VULNERABILITY TITLE RISK
2018-01-10 CVE-2014-4996 Link Following vulnerability in Vladtheenterprising Project Vladtheenterprising 0.2.0
lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}.
local
low complexity
vladtheenterprising-project CWE-59
5.5
2018-01-10 CVE-2014-4995 Race Condition vulnerability in Vladtheenterprising Project Vladtheenterprising 0.2.0
Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to obtain sensitive information by reading the MySQL root password from a temporary file before it is removed.
local
high complexity
vladtheenterprising-project CWE-362
7.0