105 matches found

Cvelist · added 2021/06/07 7:00 p.m. · 21 views

CVE-2021-29621 Observable Response Discrepancy in Flask-AppBuilder

Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder <= 3.2.3. Allows a non-authenticated user to enumerate existing accounts by timing the server's response time when logging in. Upgrade to version...

CVSS 5.3 · AI score 5.6 · EPSS 0.03404
Exploits 0 · References 6
Debian CVE · added 2021/06/07 7:00 p.m. · 21 views

CVE-2021-29621

Removed by vendor...

CVSS 5.3 · AI score 5.4 · EPSS 0.03404
Exploits 0
Github Security Blog · added 2021/04/19 2:56 p.m. · 63 views

Missing validation of JWT signature in `ManyDesigns/Portofino`

Impact: Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. Patches: The issue will be patched in the upcoming 5.2.1 release. For more information: If you have any questions o...

CVSS 9.1 · AI score 8.7 · EPSS 0.00949
Exploits 0 · References 5 · Affected Software 2
Cvelist · added 2021/04/16 9:40 p.m. · 15 views

CVE-2021-29451 Missing validation of JWT signature in `ManyDesigns/Portofino`

Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patched in the upcoming 5.2.1 release...

CVSS 9.1 · AI score 9.4 · EPSS 0.00949
Exploits 0 · References 3
Tenable Nessus · added 2021/04/12 12:00 a.m. · 34 views

Debian DLA-2622-1 : python-django security update

It was discovered that there was a potential directory traversal issue in Django, a Python-based web development framework. The vulnerability could have been exploited by maliciously crafted filenames. However, the upload handlers built into Django itself were not affected. For Debian 9 'Stretch'...

CVSS 5.3 · AI score 6.5 · EPSS 0.03865
Exploits 0 · References 4
OpenVAS · added 2021/04/10 12:00 a.m. · 35 views

Debian: Security Advisory (DLA-2622-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.3 · AI score 6.8 · EPSS 0.03865
Exploits 0 · References 3
Debian · added 2021/04/09 11:47 a.m. · 66 views

[SECURITY] [DLA 2622-1] python-django security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2622-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb April 09, 2021 https://wiki.debian.org/LTS -...

CVSS 5.3 · AI score 5.7 · EPSS 0.03865
Exploits 0
CNVD · added 2021/03/10 12:00 a.m. · 4 views

File Upload Vulnerability in PowerSoft's Agile Development Framework

PowerSoft Agile Development Framework is a set of software system projects based on intelligent scalable components, suitable for enterprise management software and Internet platform back-end system development. The framework provides comprehensive permission and role management functions, rapid...

AI score 7.4
Exploits 0
Tenable Nessus · added 2021/02/22 12:00 a.m. · 40 views

Debian DLA-2569-1 : python-django security update

It was discovered that there was a web cache poisoning attack in Django, a popular Python-based web development framework. This was caused by the unsafe handling of ';' characters in Python's urllib.parse.parseqsl method which had been backported to Django's codebase to fix some other security...

CVSS 5.9 · AI score 7.2 · EPSS 0.37325
Exploits 1 · References 4
Tenable Nessus · added 2021/02/02 12:00 a.m. · 43 views

Debian DLA-2540-1 : python-django security update

It was discovered that there was a potential directory-traversal in Django, a Python-based web development framework. For Debian 9 'Stretch', this problem has been fixed in version 1:1.10.7-2+deb9u10. We recommend that you upgrade your python-django packages. For the detailed security status of...

CVSS 5.3 · AI score 6.5 · EPSS 0.07605
Exploits 1 · References 4
NVD · added 2020/10/21 3:15 p.m. · 25 views

CVE-2020-14764

Vulnerability in the Hyperion Planning product of Oracle Hyperion component: Application Development Framework. The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Planning...

CVSS 4.2 · EPSS 0.0079
Exploits 0 · References 1
CNVD · added 2020/03/05 12:00 a.m. · 2 views

File Upload Vulnerability in eFrameWork

eFrameWork is a development framework for B/S application and web development. A file upload vulnerability exists in eFrameWork, which can be exploited by an attacker to gain control of the web server...

AI score 7.2
Exploits 0
Tenable Nessus · added 2020/01/27 12:00 a.m. · 80 views

Oracle Application Testing Suite Multiple Vulnerabilities (Jan 2020 CPU)

The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities: - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Oracle Flow Builder Jython. Supported versions that are affected are...

CVSS 9.8 · AI score 6.9 · EPSS 0.87218
Exploits 7 · References 8
BDU FSTEC · added 2019/11/11 12:00 a.m. · 1 view

The vulnerability of the OAM component in Oracle JDeveloper and ADF allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the OAM component in Oracle JDeveloper and ADF is related to lack of access control. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP protocol...

CVSS 3.5 · AI score 5.8 · EPSS 0.00882
Exploits 0 · References 3 · Affected Software 2
CNVD · added 2019/10/16 12:00 a.m. · 2 views

Oracle JDeveloper and ADF Unauthorized Access Vulnerability

Oracle JDeveloper is an integrated development environment that provides end-to-end support for modeling, developing, debugging, optimizing, and deploying Java applications and Web services. Oracle ADF is an end-to-end Java EE framework that simplifies application development by providing...

CVSS 9.8 · AI score 9.3 · EPSS 0.14264
Exploits 0 · References 1
Positive Technologies · added 2019/10/15 12:00 a.m. · 2 views

PT-2019-3753 · Oracle · Adf +2

Name of the Vulnerable Software and Affected Versions: Oracle JDeveloper and ADF versions 11.1.1.9.0 through 12.2.1.3.0. Description: The issue is related to insufficient access control in the OAM component of Oracle JDeveloper and ADF, allowing a remote attacker to gain unauthorized access to...

CVSS 3.5 · AI score 3.3 · EPSS 0.00882
Exploits 0 · References 5
OpenVAS · added 2019/08/07 12:00 a.m. · 55 views

Debian: Security Advisory (DLA-1872-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 7.8 · EPSS 0.03531
Exploits 0 · References 3
CNVD · added 2019/03/13 12:00 a.m. · 1 view

Stored cross-site scripting vulnerability in WODECMS front-end ne***.cl***.php file

WODECMS is a content management system built on a self-developed PHP development framework. A stored cross-site scripting vulnerability exists in the WODECMS front-end ne.cl.php file. An attacker can insert malicious JS code into the page to obtain user cookies and other information,...

AI score 6.3
Exploits 0
OpenVAS · added 2019/01/07 12:00 a.m. · 41 views

Debian: Security Advisory (DSA-4363-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.5 · AI score 6.8 · EPSS 0.03781
Exploits 0 · References 4
Tenable Nessus · added 2019/01/07 12:00 a.m. · 27 views

Debian DLA-1629-1 : python-django security update

It was discovered that there was a content-spoofing vulnerability in the default 404 pages in the Django web development framework. For more information, please see: https://www.djangoproject.com/weblog/2019/jan/04/security-releases/ For Debian 8 'Jessie', this issue has been fixed in...

CVSS 6.5 · AI score 6.2 · EPSS 0.03781
Exploits 0 · References 4