3716 matches found

Tenable Nessus
added 2012/11/21 12:0 a.m., 21 views

Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : python-django regression (USN-1632-2)

USN-1632-1 fixed a vulnerability in Django. The upstream fix introduced testsuite failures when ADMINS and/or MANAGERS were defined in settings.py. This update fixes the problem. We apologize for the inconvenience. James Kettle discovered Django did not properly filter the Host HTTP header when...

5.7 AI score
Exploits: 0, References: 1

Ubuntu
added 2012/11/20 6:30 p.m., 33 views

USN-1632-2: Django regression

USN-1632-1 fixed a vulnerability in Django. The upstream fix introduced testsuite failures when ADMINS and/or MANAGERS were defined in settings.py. This update fixes the problem. We apologize for the inconvenience. Original advisory details: James Kettle discovered Django did not properly filter...

5.7 AI score
Exploits: 0, References: 1

OpenVAS
added 2012/11/19 12:0 a.m., 27 views

Ubuntu Update for python-django USN-1632-1

Ubuntu Update for Linux kernel vulnerabilities USN-1632-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN16321.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for python-django USN-1632-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.ne...

6.4 CVSS, 6.4 AI score, 0.03635 EPSS
Exploits: 1, References: 2

securityvulns
added 2012/11/18 12:0 a.m., 87 views

[USN-1632-1] Django vulnerability

========================================================================== Ubuntu Security Notice USN-1632-1 November 15, 2012 python-django vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...

6.4 CVSS, 0.4 AI score, 0.03635 EPSS
Exploits: 1

Tenable Nessus
added 2012/11/16 12:0 a.m., 24 views

Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : python-django vulnerability (USN-1632-1)

James Kettle discovered Django did not properly filter the Host HTTP header when processing certain requests. An attacker could exploit this to generate and display arbitrary URLs to users. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu...

6.4 CVSS, 5.6 AI score, 0.03635 EPSS
Exploits: 1, References: 2

Ubuntu
added 2012/11/15 11:28 p.m., 53 views

USN-1632-1: Django vulnerability

James Kettle discovered Django did not properly filter the Host HTTP header when processing certain requests. An attacker could exploit this to generate and display arbitrary URLs to users...

6.4 CVSS, 5.5 AI score, 0.03635 EPSS
Exploits: 1

exploitpack
added 2012/11/06 12:0 a.m., 67 views

ZenPhoto 1.4.3.3 - Multiple Vulnerabilities

ZenPhoto 1.4.3.3 - Multiple Vulnerabilities waraxe-2012-SA096 - Multiple Vulnerabilities in Zenphoto 1.4.3.3 =============================================================================== Author: Janek Vind "waraxe" Date: 03. November 2012 Location: Estonia, Tartu Web:...

0.5 AI score
Exploits: 0

Packet Storm
added 2012/11/05 12:0 a.m., 33 views

Zenphoto 1.4.3.3 SQL Injection / Interface Exposure / XSS

waraxe-2012-SA096 - Multiple Vulnerabilities in Zenphoto 1.4.3.3 =============================================================================== Author: Janek Vind "waraxe" Date: 03. November 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-96.html Description of vulnerable...

0.2 AI score
Exploits: 0

0day.today
added 2012/11/05 12:0 a.m., 57 views

Zenphoto 1.4.3.3 Multiple Vulnerabilities

Exploit for php platform in category web applications Multiple Vulnerabilities in Zenphoto 1.4.3.3 Author: Janek Vind "waraxe" Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-96.html Description of vulnerable software: Zenphoto is a standalone CMS for multimedia focused websites. Our...

7.1 AI score
Exploits: 0

Japan Vulnerability Notes
added 2012/11/02 12:0 a.m., 41 views

JVN#39563771: Pebble vulnerable to HTTP header injection

Pebble is an open source weblog system. Pebble contains an HTTP header injection vulnerability. Impact Forged information may be displayed on the user's web browser, arbitrary scripts may be executed or arbitrary values may be set for cookies. Solution Update the software Update to the latest...

4.3 CVSS, 6.7 AI score, 0.01168 EPSS
Exploits: 0

ICS
added 2012/10/19 6:0 a.m., 28 views

Cogent DataHub XSS and CRLF

Overview ICS-CERT is aware of a public report of multiple vulnerabilities in Cogent’s DataHub application. These vulnerabilities include cross-site scripting and an HTTP header injection vulnerability, also known as a carriage return line feed. According to the report, Cogent Real-Times Systems...

5.8 CVSS, 6.9 AI score, 0.01512 EPSS
Exploits: 0, References: 10

NVD
added 2012/10/08 11:55 p.m., 9 views

CVE-2012-5332

at32 Reverse Proxy 1.060.310 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long string in an HTTP header field, as demonstrated using the If-Unmodified-Since field...

5 CVSS, 6.6 AI score, 0.02466 EPSS
Exploits: 1, References: 4

Prion
added 2012/10/08 11:55 p.m., 9 views

Null pointer dereference

at32 Reverse Proxy 1.060.310 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long string in an HTTP header field, as demonstrated using the If-Unmodified-Since field...

5 CVSS, 7.1 AI score, 0.02466 EPSS
Exploits: 1, References: 4, Affected Software: 1

Cvelist
added 2012/10/08 11:0 p.m., 16 views

CVE-2012-5332

at32 Reverse Proxy 1.060.310 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long string in an HTTP header field, as demonstrated using the If-Unmodified-Since field...

6.6 AI score, 0.02466 EPSS
Exploits: 1, References: 4

CVE
added 2012/10/08 11:0 p.m., 43 views

CVE-2012-5332

Summary: CVE-2012-5332 affects at32 Reverse Proxy 1.060.310 and is caused by processing an overly long HTTP header (demonstrated with the If-Unmodified-Since header), leading to a NULL pointer dereference and a DoS (application crash). Details from connected sources: Multiple CVE records (NVD, CV...

5 CVSS, 6.8 AI score, 0.02466 EPSS
Exploits: 1, References: 4, Affected Software: 1

Tenable Nessus
added 2012/10/05 12:0 a.m., 52 views

Ubuntu 10.04 LTS / 11.04 / 11.10 : python2.6 vulnerabilities (USN-1596-1)

It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. CVE-2008-5983 It was discovered that the audioop module did not correctly perform...

6.9 CVSS, 6.7 AI score, 0.14643 EPSS
Exploits: 10, References: 11

Tenable Nessus
added 2012/10/02 12:0 a.m., 38 views

Novell GroupWise Internet Agent Request Content-Length Header Parsing Remote Overflow

Binary data groupwiseiacve-2012-0271.nbin...

10 CVSS, 6.5 AI score, 0.17091 EPSS
Exploits: 1, References: 3

Gentoo Linux
added 2012/09/27 12:0 a.m., 33 views

mod_rpaf: Denial of service

Background: mod_rpaf is a reverse proxy add forward module for backend Apache servers. Description: An error has been found in the way mod_rpaf handles X-Forwarded-For headers. Please review the CVE identifier referenced below for details. Impact: A remote attacker could send a specially crafted HTTP...

5 CVSS, 6.4 AI score, 0.06952 EPSS
Exploits: 0

OpenVAS
added 2012/09/24 12:0 a.m., 44 views

PHP < 5.3.11, 5.4.0 < 5.4.1 RC1 HTTP Header Injection Vulnerability

PHP is prone to an HTTP header injection vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

4.3 CVSS, 7 AI score, 0.10173 EPSS
Exploits: 2, References: 7

OpenVAS
added 2012/09/20 12:0 a.m., 91 views

Siemens SIMATIC WinCC HMI Web Server Multiple Input Validation Vulnerabilities - Active Check

Siemens SIMATIC WinCC is prone to an HTTP-header-injection issue, a directory-traversal issue, and an arbitrary memory-read access issue because the application fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from...

8.5 CVSS, 6.4 AI score, 0.12545 EPSS
Exploits: 0, References: 4