175 matches found
CVE-2016-3952
web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to examples/templateexamples/beautify. NOTE: this issue can be leveraged by remote attackers to gain administrative access...
CVE-2016-3953
The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function...
CVE-2016-3957
The secureload function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to deserialize session information stored in cookies, which might allow remote attackers to execute arbitrary code by leveraging knowledge of encryptionkey...
CVE-2016-3952
web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to examples/templateexamples/beautify. NOTE: this issue can be leveraged by remote attackers to gain administrative access...
CVE-2016-3954
web2py before 2.14.2 allows remote attackers to obtain the sessioncookiekey value via a direct request to examples/simpleexamples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957...
CVE-2016-3953
The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function...
CVE-2016-3957
The secureload function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to deserialize session information stored in cookies, which might allow remote attackers to execute arbitrary code by leveraging knowledge of encryptionkey...
CVE-2016-3953
The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function...
CVE-2016-3953
The CVE-2016-3953 issue affects web2py before 2.14.2, where the hardcoded encryption key used in session.connect can enable remote code execution. The vulnerability is documented with a high/severe impact (CVSS v3.0: 9.8 CRITICAL; CVSS v2.0: 7.5 HIGH). Affected component: the session handling in ...
CVE-2016-3954
web2py before 2.14.2 allows remote attackers to obtain the sessioncookiekey value via a direct request to examples/simpleexamples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957...
CVE-2016-3957
The secureload function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to deserialize session information stored in cookies, which might allow remote attackers to execute arbitrary code by leveraging knowledge of encryptionkey...
CVE-2016-3957
Web2py
CVE-2016-3954
CVE-2016-3954 affects web2py before 2.14.2. The vulnerability exposes the session_cookie_key via a direct request to /examples/simple_examples/status, enabling an attacker with local access to read sensitive session state. This issue can be leveraged to perform arbitrary code execution through CV...
CVE-2016-3952
web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to examples/templateexamples/beautify. NOTE: this issue can be leveraged by remote attackers to gain administrative access...
CVE-2016-3952
web2py (standalone) before 2.14.1 is affected by CVE-2016-3952: an attacker can request examples/template_examples/beautify to obtain environment variable values, which can be leveraged to gain administrative access. The issue aligns with documented exposure of sensitive information in web2py-rel...
CVE-2016-3952
web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to examples/templateexamples/beautify. NOTE: this issue can be leveraged by remote attackers to gain administrative access...
CVE-2016-3954
web2py before 2.14.2 allows remote attackers to obtain the sessioncookiekey value via a direct request to examples/simpleexamples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957...
CVE-2016-3957
The secureload function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to deserialize session information stored in cookies, which might allow remote attackers to execute arbitrary code by leveraging knowledge of encryptionkey...
CVE-2016-3953
The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function...
UBUNTU-CVE-2016-3954
web2py before 2.14.2 allows remote attackers to obtain the sessioncookiekey value via a direct request to examples/simpleexamples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957...