1332 matches found
[SECURITY] Fedora 28 Update: python-django-2.0.10-1.fc28
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...
Remote Code Execution (RCE)
jboss-seam2 is vulnerable to remote code execution (RCE) attacks. The vulnerability exists because org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote attackers to...
[SECURITY] Fedora 29 Update: python-django-2.0.10-1.fc29
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...
The vulnerability of the Web framework component of the Cisco IOS XE operating system allows a hacker to trigger a service failure.
The vulnerability of the Web framework component of the Cisco IOS XE operating system arises due to errors in parsing HTTP packets. Exploiting this vulnerability can allow a malicious actor to cause service failures using a specially crafted HTTP packet...
CVE-2018-1000861
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not...
Remote code execution
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not...
CVE-2018-1000861
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not...
CVE-2018-1000861
CVE-2018-1000861 affects Jenkins via the Stapler web framework (MetaClass and deserialization), enabling remote code execution. Affected: Jenkins 2.153 and earlier, LTS 2.138.3 and earlier. Root cause: deserialization/impactful method invocation through crafted URLs in stapler/core MetaClass.java ...
CVE-2018-1000861
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not...
CVE-2018-15441
Cisco Prime License Manager (PLM) is affected by CVE-2018-15441, a SQL injection in the web framework code that could allow an unauthenticated, remote attacker to execute arbitrary SQL. The issue arises from inadequate validation of user-supplied input in SQL queries, exploitable via crafted HTTP...
RhinOS Cross-Site Request Forgery Vulnerability
RhinOS is a Web development framework. A cross-site request forgery vulnerability exists in RhinOS version 3.0 build 1190. A remote attacker can exploit this vulnerability to download arbitrary files...
SQL injection
A vulnerability in the web framework code of Cisco Integrated Management Controller (IMC) Supervisor could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could...
CVE-2018-15447 Cisco Integrated Management Controller Supervisor SQL Injection Vulnerability
A vulnerability in the web framework code of Cisco Integrated Management Controller (IMC) Supervisor could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could...
Cisco Integrated Management Controller Supervisor SQL Injection Vulnerability
Cisco Integrated Management Controller (IMC) Supervisor is a set of tools used by Cisco to manage UCS (Unified Computing System), which supports HTTP, SSH access, etc., and allows operations such as powering up, shutting down, and restarting the server. A SQL injection vulnerability exists in the web...
Cisco Integrated Management Controller Supervisor SQL Injection Vulnerability
A vulnerability in the web framework code of Cisco Integrated Management Controller (IMC) Supervisor could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could...
[SECURITY] Fedora 29 Update: python-django-2.0.9-1.fc29
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...
Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall Information Disclosure Security Vulnerability
Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall are both products of Cisco. Cisco RV180W Wireless-N Multifunction VPN Router is a router product. The Cisco RV180W Wireless-N Multifunction VPN Router is a router and the Small...
Path traversal
A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to conduct a directory path traversal attack on a targeted device. The issue is due...
CVE-2018-0405
The CVE-2018-0405 issue affects Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W devices. A vulnerability exists in the web framework where user-supplied input in HTTP filename parameters is not properly sanitized, enabling unauthenticated remote attackers to p...
Design/Logic Flaw
A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The attacker could retrieve sensitive information...