Lucene search
+L

608 matches found

Cvelist
Cvelist
added 2012/04/04 10:0 a.m.22 views

CVE-2012-2054

Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the 1 Comment, 2 Document, 3 IssueCategory, 4 MembersController, 5 Message, 6 News, 7 TimeEntry, 8 Version, 9 Wiki, 10 UserPreference, o...

6.2AI score0.0209EPSS
Exploits0References3
Cvelist
Cvelist
added 2012/04/04 10:0 a.m.23 views

CVE-2012-2055

GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the publickeyuserid value via a modified URL for the public-key update form, related to a "mass assignment" vulnerability...

7.5AI score0.01838EPSS
Exploits0References4
CVE
CVE
added 2012/04/04 10:0 a.m.62 views

CVE-2012-2055

GitHub Enterprise before 20120304 is affected by a mass-assignment vulnerability where the software does not properly restrict a hash when filling model attributes, allowing remote attackers to set public_key[user_id] via a manipulated URL to the public-key update form. Root cause: inadequate fil...

7.5CVSS7.5AI score0.01838EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2012/04/04 10:0 a.m.87 views

CVE-2012-2054

CVE-2012-2054 refers to a mass-assignment vulnerability in Redmine prior to version 1.3.2. The issue allows remote attackers to set attributes for multiple models (Comment, Document, IssueCategory, MembersController, Message, News, TimeEntry, Version, Wiki, UserPreference, Board) by manipulating ...

5CVSS6.5AI score0.0209EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2012/04/04 10:0 a.m.40 views

CVE-2012-2054

Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the 1 Comment, 2 Document, 3 IssueCategory, 4 MembersController, 5 Message, 6 News, 7 TimeEntry, 8 Version, 9 Wiki, 10 UserPreference, o...

5CVSS6.3AI score0.0209EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2012/04/04 12:0 a.m.9 views

PT-2012-3769 · Github · Github Enterprise

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise versions prior to 20120304 Description: The issue allows remote attackers to set the public keyuser id value via a modified URL for the public-key update form, related to a "mass assignment" vulnerability. This occurs becaus...

7.5CVSS7.4AI score0.01838EPSS
Exploits0References6
Metasploit
Metasploit
added 2012/03/15 2:56 p.m.27 views

Ruby On Rails Attributes Mass Assignment Scanner

This module scans Ruby On Rails sites for models with attributes not protected by attrprotected or attraccessible. After attempting to assign a non-existent field, the default rails with activerecord setup will raise an ActiveRecord::UnknownAttributeError exception, and reply with HTTP code 500...

7.5AI score
Exploits0
FreeBSD
FreeBSD
added 2012/03/11 12:0 a.m.16 views

redmine -- multiple vulnerabilities

Redmine reports: Mass-assignment vulnerability that would allow an attacker to bypass part of the security checks. Persistent XSS vulnerability...

4.3CVSS6AI score0.01822EPSS
Exploits0References2
Rows per page
Query Builder