
105 matches found

Tenable Nessus
added 2018/08/06 12:0 a.m. | 26 views

Debian DSA-4264-1 : python-django - security update

Andreas Hug discovered an open redirect in Django, a Python web development framework, which is exploitable if django.middleware.common.CommonMiddleware is used and the APPEND_SLASH setting is enabled. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

6.1 CVSS | 6.1 AI score | 0.2549 EPSS
Exploits 0 | References 4
OpenVAS
added 2018/08/04 12:0 a.m. | 55 views

Debian: Security Advisory (DSA-4264-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

6.1 CVSS | 6.5 AI score | 0.2549 EPSS
Exploits 0 | References 4
Fedora
added 2017/09/30 10:19 a.m. | 9 views

[SECURITY] Fedora 25 Update: pkgconf-1.3.9-1.fc25

pkgconf is a program which helps to configure compiler and linker flags for development frameworks. It is similar to pkg-config from freedesktop.org and handles .pc files in a similar manner as pkg-config...

1.2 AI score
Exploits 0
Ubuntu
added 2017/04/04 5:9 p.m. | 55 views

USN-3254-1: Django vulnerabilities

It was discovered that Django incorrectly handled numeric redirect URLs. A remote attacker could possibly use this issue to perform XSS attacks, and to use a Django server as an open redirect. CVE-2017-7233 Phithon Gong discovered that Django incorrectly handled certain URLs when the...

6.1 CVSS | 6.3 AI score | 0.02384 EPSS
Exploits 2
CNVD
added 2016/08/16 12:0 a.m. | 1 views

Eclipse Development Framework File Inclusion Vulnerability

Eclipse is an extensible Java-based development platform that supports the development of JAVA, PHP, C++ and other languages. The Eclipse development framework has a file inclusion vulnerability that allows attackers to exploit the vulnerability to obtain sensitive information or launch further...

6.7 AI score
Exploits 0
Debian
added 2016/04/07 4:33 p.m. | 47 views

[SECURITY] [DSA 3544-1] python-django security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3544-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 07, 2016 https://www.debian.org/security/faq -...

7.4 CVSS | 7.1 AI score | 0.04002 EPSS
Exploits 0
Tenable Nessus
added 2015/11/30 12:0 a.m. | 33 views

Debian DLA-349-1 : python-django security update

It was discovered that there was a potential settings leak in the date template filter of Django, a web-development framework. If an application allows users to specify an unvalidated format for dates and passes this format to the date filter, e.g. {{ last_updated|date:user_date_format }}, then a malicious...

5 CVSS | 7 AI score | 0.04284 EPSS
Exploits 0 | References 3
Tenable Nessus
added 2015/07/17 12:0 a.m. | 31 views

Debian DLA-272-1 : python-django security update

Several vulnerabilities were discovered in Django, a high-level Python web development framework : CVE-2015-2317 Daniel Chatfield discovered that python-django, a high-level Python web development framework, incorrectly handled user-supplied redirect URLs. A remote attacker could use this flaw to...

7.8 CVSS | 7.6 AI score | 0.07266 EPSS
Exploits 0 | References 5
Tenable Nessus
added 2015/07/09 12:0 a.m. | 36 views

Debian DSA-3305-1 : python-django - security update

Several vulnerabilities were discovered in Django, a high-level Python web development framework : - CVE-2015-5143 Eric Peterson and Lin Hua Cheng discovered that a new empty record used to be created in the session storage every time a session was accessed and an unknown session key was provided...

7.8 CVSS | 7.5 AI score | 0.07266 EPSS
Exploits 0 | References 7
Debian
added 2015/03/24 7:30 p.m. | 38 views

[SECURITY] [DSA 3204-1] python-django security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3204-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 24, 2015 http://www.debian.org/security/faq -...

4.3 CVSS | 5.7 AI score | 0.05026 EPSS
Exploits 0
Packet Storm
added 2015/03/03 12:0 a.m. | 25 views

BEdita CMS 3.5.1 Cross Site Scripting

Affected software: BEdita CMS Type of vulnerability: cross site scripting URL: bedita.com Discovered by: Provensec Website: http://www.provensec.com Description: BEdita is a web development framework that comes with a full featured CMS out of the box. Proof of concept javascript executes on login...

Exploits 0
ThreatPost
added 2014/11/06 2:34 p.m. | 36 views

November 2014 Microsoft Patch Tuesday Security Bulletins

Microsoft today provided its Patch Tuesday advanced notification, giving IT managers a heads-up about 16 bulletins that are scheduled to be delivered next week, including five rated critical for remote code execution and privilege escalation issues. The heavy patch load is an anomaly for 2014,...

9.3 CVSS | 0.9 AI score | 0.99945 EPSS
Exploits 33 | References 1
seebug.org
added 2014/07/01 12:0 a.m. | 14 views

OracleAS TopLink Mapping Workbench Weak Encryption Algorithm Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9515/info OracleAS TopLink Mapping Workbench is a tool included with OracleAS TopLink, a Java-based database integration development framework that is included as a component of various Oracle Application Server releases...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 14 views

Qcodo Development Framework 0.3.3 Full Info Disclosure

No description provided by source...

7.1 AI score
Exploits 0
Tenable Nessus
added 2013/09/12 12:0 a.m. | 38 views

Debian DSA-2755-1 : python-django - directory traversal

Rainer Koirikivi discovered a directory traversal vulnerability with 'ssi' template tags in python-django, a high-level Python web development framework. It was shown that the handling of the 'ALLOWED_INCLUDE_ROOTS' setting, used to represent allowed prefixes for the {% ssi %} template tag, is...

5 CVSS | 5.5 AI score | 0.03182 EPSS
Exploits 2 | References 4
Fedora
added 2012/06/15 12:29 p.m. | 38 views

[SECURITY] Fedora 17 Update: php-symfony-symfony-1.4.18-1.fc17

Symfony is a complete framework designed to optimize the development of web applications by way of several key features. For starters, it separates a web application's business rules, server logic, and presentation views. It contains numerous tools and classes aimed at shortening the development...

4.3 CVSS | 0.4 AI score | 0.01349 EPSS
Exploits 0
myhack58
added 2011/12/26 12:0 a.m. | 21 views

ThinkPHP development framework XSS vulnerability warning - the black bar safety net

Brief description: an open source PHP development framework has XSS vulnerabilities by default, so all systems developed with the framework have an XSS vulnerability. Detailed description: the error for a module that does not exist is not handled properly, leading...

7.1 AI score
Exploits 0
securityvulns
added 2011/02/15 12:0 a.m. | 93 views

[SECURITY] [DSA 2163-1] python-django security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2163-1 [email protected] http://www.debian.org/security/ Nico Golde February 14, 2011 http://www.debian.org/security/faq -...

6.8 CVSS | 0.2 AI score | 0.01774 EPSS
Exploits 0
Tenable Nessus
added 2011/02/15 12:0 a.m. | 31 views

Debian DSA-2163-1 : python-django - multiple vulnerabilities

Several vulnerabilities were discovered in the Django web development framework : - CVE-2011-0696 For several reasons the internal CSRF protection was not used to validate AJAX requests in the past. However, it was discovered that this exception can be exploited with a combination of browser...

6.8 CVSS | 6.8 AI score | 0.01774 EPSS
Exploits 0 | References 6
0day.today
added 2011/02/06 12:0 a.m. | 61 views

Qcodo Development Framework 0.3.3 Full Info Disclosure

Exploit for php platform in category web applications Exploit Title: Qcodo Development Framework 0.3.3 Full Info Disclosure Google Dork: allintext: /qcodo/devtools/codegen.php Date: 5/02/2011 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web:...

7.1 AI score
Exploits 0