608 matches found
CVE-2012-2054
Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the 1 Comment, 2 Document, 3 IssueCategory, 4 MembersController, 5 Message, 6 News, 7 TimeEntry, 8 Version, 9 Wiki, 10 UserPreference, o...
CVE-2012-2055
GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the publickeyuserid value via a modified URL for the public-key update form, related to a "mass assignment" vulnerability...
CVE-2012-2055
GitHub Enterprise before 20120304 is affected by a mass-assignment vulnerability where the software does not properly restrict a hash when filling model attributes, allowing remote attackers to set public_key[user_id] via a manipulated URL to the public-key update form. Root cause: inadequate fil...
CVE-2012-2054
CVE-2012-2054 refers to a mass-assignment vulnerability in Redmine prior to version 1.3.2. The issue allows remote attackers to set attributes for multiple models (Comment, Document, IssueCategory, MembersController, Message, News, TimeEntry, Version, Wiki, UserPreference, Board) by manipulating ...
CVE-2012-2054
Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the 1 Comment, 2 Document, 3 IssueCategory, 4 MembersController, 5 Message, 6 News, 7 TimeEntry, 8 Version, 9 Wiki, 10 UserPreference, o...
PT-2012-3769 · Github · Github Enterprise
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise versions prior to 20120304 Description: The issue allows remote attackers to set the public keyuser id value via a modified URL for the public-key update form, related to a "mass assignment" vulnerability. This occurs becaus...
Ruby On Rails Attributes Mass Assignment Scanner
This module scans Ruby On Rails sites for models with attributes not protected by attrprotected or attraccessible. After attempting to assign a non-existent field, the default rails with activerecord setup will raise an ActiveRecord::UnknownAttributeError exception, and reply with HTTP code 500...
redmine -- multiple vulnerabilities
Redmine reports: Mass-assignment vulnerability that would allow an attacker to bypass part of the security checks. Persistent XSS vulnerability...