Cross site request forgery (CSRF)
Web2py versions 2.14.5 and below were affected by a CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged-in user into performing unwanted actions, i.e. an attacker can trick a victim into disabling the installed application just by sending a URL to the victim...
Arbitrary file deletion
Web2py versions 2.14.5 and below were affected by a Local File Inclusion vulnerability, which allows a malicious user to read/access sensitive web server files...
CVE-2016-4808
Web2py versions 2.14.5 and below were affected by a CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged-in user into performing unwanted actions, i.e. an attacker can trick a victim into disabling the installed application just by sending a URL to the victim...
CVE-2016-4806
Web2py versions 2.14.5 and below were affected by a Local File Inclusion vulnerability, which allows a malicious user to read/access sensitive web server files...
CVE-2016-4808
Web2py versions 2.14.5 and below were affected by a CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged-in user into performing unwanted actions, i.e. an attacker can trick a victim into disabling the installed application just by sending a URL to the victim...
CVE-2016-4807
Web2py versions 2.14.5 and below were affected by a Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on a logged-in admin user...
CVE-2016-4806
Web2py versions 2.14.5 and below were affected by a Local File Inclusion vulnerability, which allows a malicious user to read/access sensitive web server files...
UBUNTU-CVE-2016-4807
Web2py versions 2.14.5 and below were affected by a Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on a logged-in admin user...
CVE-2016-4807
Web2py versions 2.14.5 and below were affected by a Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on a logged-in admin user...
UBUNTU-CVE-2016-4806
Web2py versions 2.14.5 and below were affected by a Local File Inclusion vulnerability, which allows a malicious user to read/access sensitive web server files...
CVE-2016-4806
Web2py versions 2.14.5 and below were affected by a Local File Inclusion vulnerability, which allows a malicious user to read/access sensitive web server files...
CVE-2016-4808
Web2py versions 2.14.5 and below were affected by a CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged-in user into performing unwanted actions, i.e. an attacker can trick a victim into disabling the installed application just by sending a URL to the victim...
CVE-2016-4807
Web2py versions 2.14.5 and below were affected by a Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on a logged-in admin user...
CVE-2016-4808
Web2py CSRF vulnerability CVE-2016-4808 affects Web2py 2.14.5 and earlier. The issue lets an attacker lure a logged-in user (often an admin) to perform unintended actions by visiting a malicious URL, potentially disabling an installed application. Public references indicate exploits exist (e.g., ...
CVE-2016-4807
CVE-2016-4807 affects Web2py 2.14.5 and earlier, introducing a reflected XSS vulnerability that can allow an attacker to perform script execution in the browser of a logged-in admin. The vulnerability is documented across multiple sources (NVD/NVD-linked entries and OSS platforms) as a Web2py Ref...
CVE-2016-4806
CVE-2016-4806 affects Web2py 2.14.5 and earlier, enabling Local File Inclusion (LFI) that can allow a malicious user to read server-sensitive files. Public references show an exploit for Web2py 2.14.5 and note a fixed version Web2py 2.14.6. Impact described includes access to sensitive files; no ...
Internet Bug Bounty: CVE-2016-0772 - python: smtplib StartTLS stripping attack
python smtplib starttls stripping attack. affects: basically all versions of smtplib with starttls support and projects relying on it; python 2.7.2 - 2.7.11 (dates back 14 years); python 3.0 - 3.5.1 (dates back 7 years). Python's implementation of smtplib fails to raise an exception upon an unexpected...
Web2py 2.14.5 local file inclusion and multiple other vulnerabilities
No description provided by source...
web2py cross-site scripting vulnerability (CNVD-2016-03331)
web2py is an open source Web framework written in Python; it supports the rapid development of database-driven Web-based applications. A cross-site scripting vulnerability exists in web2py version 2.14.5. An attacker can exploit this vulnerability to inject arbitrary web script or HTML...
web2py local file inclusion vulnerability
web2py is an open source Web framework written in Python; it supports the rapid development of database-driven Web-based applications. A local file inclusion vulnerability exists in the 'file' parameter in web2py version 2.14.5. An attacker can exploit this vulnerability by sending a...