Page 5 of 41 results (0.002 seconds)
CVSS: 7.5EPSS: 0%CPEs: 52EXPL: 0
CVSS: 7.5EPSS: 0%CPEs: 52EXPL: 0CVE-2012-2054 – Honeywell HMIWeb Browser ActiveX Control RequestDSPLoad Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-2054
04 Apr 2012 — Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8) Version, (9) Wiki, (10) UserPreference, or (11) Board model via a modified URL, related to a "mass assignment" vulnerability, a different vulnerability than CVE-2012-0327. Redmine antes de v1.3.2 no restringe adecuadamente el uso de un ... • http://www.redmine.org/boards/2/topics/29343 • CWE-255: Credentials Management Errors •