65 matches found
CVE-2023-24373 WordPress Booking calendar, Appointment Booking System plugin <= 3.2.3 - Bypass vulnerability
External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Manipulating Hidden Fields.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.3...
Fedora 40 : rubygem-httparty (2024-a1ce4ef332)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-a1ce4ef332 advisory. Automatic update for rubygem-httparty-0.21.0-1.fc40. Changelog Fri Jan 5 2024 Vt Ondruch - 0.21.0-1 - Update to HTTParty 0.20.0. Resolves: rhbz17016...
CVE-2023-43697
Modification of Assumed-Immutable Data MAID in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests...
CVE-2023-43697
Modification of Assumed-Immutable Data MAID in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests...
Design/Logic Flaw
Modification of Assumed-Immutable Data MAID in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests...
CVE-2023-43697
Modification of Assumed-Immutable Data MAID in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests...
CVE-2023-4669
Authentication Bypass by Assumed-Immutable Data vulnerability in Exagate SYSGuard 3001 allows Authentication Bypass.This issue affects SYSGuard 3001: before 3.2.20.0...
CVE-2023-4669
Authentication Bypass by Assumed-Immutable Data vulnerability in Exagate SYSGuard 3001 allows Authentication Bypass. This issue affects SYSGuard 3001: before 3.2.20.0...
CVE-2023-4669 Authentication Bypass in Exagate SYSGuard 3001
Authentication Bypass by Assumed-Immutable Data vulnerability in Exagate SYSGuard 3001 allows Authentication Bypass. This issue affects SYSGuard 3001: before 3.2.20.0...
CVE-2023-4669 Authentication Bypass in Exagate SYSGuard 3001
Authentication Bypass by Assumed-Immutable Data vulnerability in Exagate SYSGuard 3001 allows Authentication Bypass. This issue affects SYSGuard 3001: before 3.2.20.0...
PT-2023-30161
Name of the Vulnerable Software and Affected Versions Exagate SYSGuard 3001 versions prior to 3.2.20.0 Description The issue is related to an Authentication Bypass by Assumed-Immutable Data vulnerability, which allows for authentication bypass. This vulnerability affects Exagate SYSGuard 3001...
External Control of Assumed-Immutable Web Parameter
Overview Affected versions of this package are vulnerable to External Control of Assumed-Immutable Web Parameter due to improper escape of the " character in the generatemultipart function, which allows injecting malicious content to the filename parameter via the Content-Disposition header. PoC...
CVE-2022-3875
A vulnerability classified as critical was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This vulnerability affects unknown code of the component API. The manipulation leads to authentication bypass by assumed-immutable data. The attack can be initiated remotely...
CVE-2022-3875 Click Studios Passwordstate API authentication bypass by assumed-immutable data
A vulnerability classified as critical was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This vulnerability affects unknown code of the component API. The manipulation leads to authentication bypass by assumed-immutable data. The attack can be initiated remotely...
External Control of Assumed-Immutable Web Parameter in moodle
A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field...
GHSA-X6GM-QQWP-76GR External Control of Assumed-Immutable Web Parameter in moodle
A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field...
Code injection
DISPUTED Experian Hunter 1.16 allows remote authenticated users to modify assumed-immutable elements via the 1 rule name parameter to the Rules page or the 2 subrule name or 3 categories name parameter to the Subrules page. NOTE: the vendor disputes this because version 1.16 has never existed...
CVE-2022-29950
Experian Hunter 1.16 allows remote authenticated users to modify assumed-immutable elements via the 1 rule name parameter to the Rules page or the 2 subrule name or 3 categories name parameter to the Subrules page. NOTE: the vendor disputes this because version 1.16 has never existed...
PT-2022-19930 · Experian · Experian Hunter
Name of the Vulnerable Software and Affected Versions: Experian Hunter version 1.16 Description: The issue allows remote authenticated users to modify assumed-immutable elements. This can be achieved via the rule name parameter to the "Rules page" or the subrule name or categories name parameter ...
Siemens SINEMA Remote Connect Server
1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEMA Remote Connect Server Vulnerabilities: Modification of Assumed-Immutable Data, Improper Access Control, Exposure of Sensitive Information to an Unauthorized Actor, Improper...