CVE-2020-18705

XML External Entities XXE in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/core/content/views.py'...

CVE-2019-9765

Blog_mini 1.0 is affected by an XSS vulnerability that arises when a comment reply author name is not properly sanitized in app/main/views.py articleDetails(), with the issue referencing app/templates/_article_comments.html. This could allow injected scripts via the author name field as part of a...

CVE-2019-6509

An issue was discovered in creditease-sec insight through 2018-09-11. departdelete in srcpm/app/admin/views.py allows CSRF...

Command injection

Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled...

CVE-2018-5347

Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled...

CVE-2018-5347

Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled...

CVE-2013-5942

Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to 1 remotestorage.py, 2 storage.py, 3 render/datalib.py, and 4 whitelist/views.py, a different vulnerability than CVE-2013-5093...

CVE-2013-5942

Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to 1 remotestorage.py, 2 storage.py, 3 render/datalib.py, and 4 whitelist/views.py, a different vulnerability than CVE-2013-5093...