Description
Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem.
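The defensive pattern for this class of bug, as an added example (not Passenger's code and not its actual fix): create the working directory with an unpredictable name, check ownership and permissions before using it, and create the "config" file exclusively so a pre-created file is an error. The helper names `create_private_dir`, `private_dir?` and `write_new_file` are hypothetical.

```ruby
require "tmpdir"
require "fileutils"

# Dir.mktmpdir appends a random suffix and creates the directory with
# mode 0700; it never reuses a directory that already exists.
def create_private_dir(prefix, base = Dir.tmpdir)
  Dir.mktmpdir(prefix, base)
end

# True only for a real directory (lstat does not follow symlinks) that is
# owned by the current user and closed to group and other.
def private_dir?(path)
  st = File.lstat(path)
  st.directory? && st.uid == Process.euid && (st.mode & 0o077).zero?
rescue Errno::ENOENT
  false
end

# CREAT|EXCL makes the open fail with Errno::EEXIST if anything, including
# a symlink, already sits at the target path, so a planted file is never reused.
def write_new_file(dir, name, contents)
  raise SecurityError, "unsafe directory: #{dir}" unless private_dir?(dir)
  flags = File::WRONLY | File::CREAT | File::EXCL
  File.open(File.join(dir, name), flags, 0o600) { |f| f.write(contents) }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed demo: everything happens under a throwaway base directory.
  base = Dir.mktmpdir("demo-base.")
  begin
    dir = create_private_dir("app.", base)
    write_new_file(dir, "config", "setting=1\n")
    puts "created #{File.join(dir, 'config')}"

    # Simulate a directory someone else prepared: predictable name, loose mode.
    planted = File.join(base, "app.1234")
    Dir.mkdir(planted)
    File.chmod(0o777, planted)
    puts "planted directory accepted? #{private_dir?(planted)}"
  ensure
    FileUtils.remove_entry(base)
  end
end
```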
Remediation
References