28 matches found
CVE-2019-16109
An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmation_token, if a database record has a blank value in the confirmation_token column. However, there is no scenario within Devise itself in which such database records wou...
CVE-2019-16676
Plataformatec Simple Form has Incorrect Access Control in file_method? in lib/simple_form/form_builder.rb, because a user-supplied string is invoked as a method call...
EUVD-2019-0664
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-16109
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmation_token, if a database record...
Plataformatec Simple Form Input Validation Error Vulnerability
Plataformatec Simple Form is a form builder from Plataformatec Brazil. An input validation error vulnerability exists in Plataformatec Simple Form. The vulnerability originates from a network system or product that does not properly validate input data. Detailed vulnerability details are not...
CVE-2019-16676
Plataformatec Simple Form has Incorrect Access Control in file_method? in lib/simple_form/form_builder.rb, because a user-supplied string is invoked as a method call...
CVE-2019-16676
Plataformatec Simple Form has Incorrect Access Control in file_method? in lib/simple_form/form_builder.rb, because a user-supplied string is invoked as a method call...
CVE-2019-16676
Plataformatec Simple Form has Incorrect Access Control in file_method? in lib/simple_form/form_builder.rb, because a user-supplied string is invoked as a method call...
Design/Logic Flaw
Plataformatec Simple Form has Incorrect Access Control in file_method? in lib/simple_form/form_builder.rb, because a user-supplied string is invoked as a method call...
CVE-2019-16676
Plataformatec Simple Form has Incorrect Access Control in file_method? in lib/simple_form/form_builder.rb, because a user-supplied string is invoked as a method call...
CVE-2019-16676
CVE-2019-16676 affects Plataformatec Simple Form. The vulnerability arises in file_method? within lib/simple_form/form_builder.rb where a user-supplied string is invoked as a method call, enabling potential abuse of form inputs. Public references (Red Hat, NVD, OSV, GHSA) describe an Incorrect Ac...
GHSA-FCJW-8RHJ-GWWC Authentication Bypass in Devise
An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmation_token, if a database record has a blank value in the confirmation_token column. However, there is no scenario within Devise itself in which such database records wou...
Authentication Bypass in Devise
An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmation_token, if a database record has a blank value in the confirmation_token column. However, there is no scenario within Devise itself in which such database records wou...
Plataformatec Devise Authorization Issues Vulnerability
Plataformatec Devise is a Warden-based Rails authentication solution from Plataformatec, Brazil. An authorization issue vulnerability exists in Plataformatec Devise versions prior to 4.7.1. No detailed vulnerability details are provided at this time...
CVE-2019-16109
An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmation_token, if a database record has a blank value in the confirmation_token column. However, there is no scenario within Devise itself in which such database records wou...
CVE-2019-16109
An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmation_token, if a database record has a blank value in the confirmation_token column. However, there is no scenario within Devise itself in which such database records wou...
UBUNTU-CVE-2019-16109
An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmation_token, if a database record has a blank value in the confirmation_token column. However, there is no scenario within Devise itself in which such database records wou...
CVE-2019-16109
An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmation_token, if a database record has a blank value in the confirmation_token column. However, there is no scenario within Devise itself in which such database records wou...
Cross site request forgery (csrf)
An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmation_token, if a database record has a blank value in the confirmation_token column. However, there is no scenario within Devise itself in which such database records wou...
CVE-2019-16109
An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmation_token, if a database record has a blank value in the confirmation_token column. However, there is no scenario within Devise itself in which such database records wou...