Holger Just

3 exploits Active since Nov 2013
CVE-2013-4457 WRITEUP WRITEUP
Cocaine gem 0.4.0-0.5.2 - OS Command Injection via Recursive Variable Interpolation
The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted has object, related to recursive variable interpolation.
CVE-2017-15568 WRITEUP MEDIUM WRITEUP
Redmine < 3.2.8, 3.3.x < 3.3.5, 3.4.x < 3.4.3 - Cross-Site Scripting via Multi-Value Field in Issue History
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/application_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of issue history.
CVSS 6.1
CVE-2017-15569 WRITEUP MEDIUM WRITEUP
Redmine < 3.2.8, 3.3.x < 3.3.5, 3.4.x < 3.4.3 - Cross-Site Scripting via Multi-Value Field in Issue List
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list.
CVSS 6.1