Lucene search
K

566 matches found

Tenable Nessus
Tenable Nessus
added 2014/01/02 12:0 a.m.37 views

Debian DSA-2834-1 : typo3-src - several vulnerabilities

Several vulnerabilities were discovered in TYPO3, a content management system. This update addresses cross-site scripting, information disclosure, mass assignment, open redirection and insecure unserialize vulnerabilities and corresponds to TYPO3-CORE-SA-2013-004. %NASLMINLEVEL 70300 C Tenable...

6.5CVSS5.2AI score0.0164EPSS
Exploits0References13
Debian
Debian
added 2014/01/01 4:19 p.m.32 views

[SECURITY] [DSA 2834-1] typo3-src security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2834-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso January 01, 2014 http://www.debian.org/security/faq -...

6.5CVSS6.3AI score0.0164EPSS
Exploits0
OpenVAS
OpenVAS
added 2013/12/31 12:0 a.m.32 views

Debian: Security Advisory (DSA-2834-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.4AI score0.0164EPSS
Exploits0References3
OSV
OSV
added 2013/12/23 11:55 p.m.6 views

UBUNTU-CVE-2013-7080

The creating record functionality in Extension table administration library feuseradminLib.inc in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass...

5.8CVSS5.9AI score0.01207EPSS
Exploits0References3
Typo3
Typo3
added 2013/12/10 12:0 a.m.96 views

Multiple Vulnerabilities in TYPO3 CMS

It has been discovered that TYPO3 CMS is vulnerable to Cross-Site Scripting, Information Disclosure, Mass Assignment, Open Redirection and Insecure Unserialize. Component Type: TYPO3 CMS Vulnerability Types: Cross-Site Scripting, Information Disclosure, Mass Assignment, Open Redirection and...

6.5CVSS6AI score0.0164EPSS
Exploits0Affected Software1
0day.today
0day.today
added 2013/08/22 12:0 a.m.54 views

Foreman (Red Hat OpenStack/Satellite) users/create Mass Assignment

This Metasploit module exploits a mass assignment vulnerability in the create action of users controller of Foreman and Red Hat OpenStack/Satellite Foreman 1.2.0-RC1 and earlier by creating an arbitrary administrator account. For this exploit to work, your account must have createusers permission...

6CVSS6.4AI score0.20934EPSS
Exploits4
Exploit DB
Exploit DB
added 2013/08/22 12:0 a.m.44 views

Foreman (RedHat OpenStack/Satellite) - users/create Mass Assignment (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit4 'Foreman Red Hat OpenStack/Satellite...

6CVSS7.4AI score0.20934EPSS
Exploits4
Packet Storm
Packet Storm
added 2013/08/21 12:0 a.m.48 views

Foreman (Red Hat OpenStack/Satellite) users/create Mass Assignment

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit4 'Foreman Red Hat OpenStack/Satellite...

6CVSS6.6AI score0.20934EPSS
Exploits4
Metasploit
Metasploit
added 2013/07/22 6:24 p.m.41 views

Foreman (Red Hat OpenStack/Satellite) users/create Mass Assignment

This module exploits a mass assignment vulnerability in the 'create' action of 'users' controller of Foreman and Red Hat OpenStack/Satellite Foreman 1.2.0-RC1 and earlier by creating an arbitrary administrator account. For this exploit to work, your account must have 'createusers' permission e.g....

6CVSS6.9AI score0.20934EPSS
Exploits4
RedHat Linux
RedHat Linux
added 2013/07/09 5:35 p.m.3 views

rubygem-json: Denial of Service and SQL Injection

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...

7.5CVSS6.7AI score0.13911EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2013/06/27 4:38 p.m.5 views

Foreman: app/controllers/users_controller.rb arbitrary admin user creation due to mass assignment

The create method in app/controllers/userscontroller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by 1 changing the admin flag or 2 assigning an arbitrary role...

6CVSS5.9AI score0.20934EPSS
Exploits4References4
NVD
NVD
added 2013/03/08 6:55 p.m.14 views

CVE-2013-2506

app/models/spree/user.rb in spreeauthdevise in Spree 1.1.x before 1.1.6, 1.2.x, and 1.3.x does not perform mass assignment safely when updating a user, which allows remote authenticated users to assign arbitrary roles to themselves...

4CVSS6.4AI score0.01265EPSS
Exploits0References2
Prion
Prion
added 2013/03/08 6:55 p.m.15 views

Design/Logic Flaw

app/models/spree/user.rb in spreeauthdevise in Spree 1.1.x before 1.1.6, 1.2.x, and 1.3.x does not perform mass assignment safely when updating a user, which allows remote authenticated users to assign arbitrary roles to themselves...

4CVSS6.9AI score0.01265EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2013/03/08 6:0 p.m.51 views

CVE-2013-2506

The CVE-2013-2506 vulnerability affects spree_auth_devise within Spree 1.1.x (before 1.1.6) and in 1.2.x and 1.3.x, where app/models/spree/user.rb does not perform mass assignment safely during user updates. This allows remote authenticated users to assign arbitrary roles to themselves, indicatin...

4CVSS6.5AI score0.01265EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2013/02/13 1:55 a.m.29 views

CVE-2013-0269

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...

7.5CVSS7.9AI score0.13911EPSS
Exploits0References23
OSV
OSV
added 2013/02/13 1:55 a.m.2 views

DEBIAN-CVE-2013-0269

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...

7.5CVSS7.9AI score0.13911EPSS
Exploits0References1
Prion
Prion
added 2013/02/13 1:55 a.m.35 views

Sql injection

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...

7.5CVSS7.8AI score0.13911EPSS
Exploits0References23Affected Software1
Cvelist
Cvelist
added 2013/02/13 1:0 a.m.51 views

CVE-2013-0269

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...

7.9AI score0.13911EPSS
Exploits0References23
EUVD
EUVD
added 2013/02/13 1:0 a.m.4 views

EUVD-2017-0327

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...

7.5CVSS6.7AI score0.13911EPSS
Exploits0References33
Debian CVE
Debian CVE
added 2013/02/13 1:0 a.m.29 views

CVE-2013-0269

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...

7.5CVSS5.4AI score0.13911EPSS
Exploits0
Rows per page
Query Builder