175 matches found
GHSA-GP69-XCM6-FFQJ Web2py Cross-Site Request Forgery vulnerability
web2py versions 2.14.5 and below are affected by a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to trick a logged-in administrator into performing unwanted actions, e.g. disabling an installed application just by having the victim visit a URL...
GHSA-GV85-WGXC-VC56 web2py is vulnerable to password brute-force attack
web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks...
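The entry above describes an order-of-checks flaw: the deny list is consulted only after the password has been verified, so a host that has already been locked out keeps getting its guesses evaluated. The following is an added illustration written for this page, not web2py's own admin code; `LoginGuard`, its counters and the PBKDF2 parameters are assumptions chosen to make the two orderings comparable.

```python
"""Model of a login guard that denies a host after repeated failures.

login_vulnerable() verifies the password before asking whether the host is
denied (the ordering the advisory describes); login_fixed() asks first.
Added example for illustration only; not code from web2py.
"""
import hashlib
import hmac

# Constructed constants: a static salt and a low iteration count keep the
# example fast. A real deployment uses a per-user random salt and more rounds.
_SALT = b"example-salt"
_ROUNDS = 1000


def make_password_hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, _ROUNDS)


class LoginGuard:
    """Tracks failed attempts per remote host and denies hosts over a limit."""

    def __init__(self, password_hash: bytes, max_failures: int = 5, block_seconds: int = 300):
        self.password_hash = password_hash
        self.max_failures = max_failures
        self.block_seconds = block_seconds
        self.failures = {}        # host -> consecutive failed attempts
        self.denied_until = {}    # host -> unix time until which it is denied
        self.password_checks = 0  # how many times the slow hash actually ran

    def _check_password(self, candidate: str) -> bool:
        self.password_checks += 1
        return hmac.compare_digest(make_password_hash(candidate), self.password_hash)

    def is_denied(self, host: str, now: int) -> bool:
        return self.denied_until.get(host, 0) > now

    def _record_failure(self, host: str, now: int) -> None:
        count = self.failures.get(host, 0) + 1
        self.failures[host] = count
        if count >= self.max_failures:
            self.denied_until[host] = now + self.block_seconds

    def login_vulnerable(self, host: str, candidate: str, now: int) -> bool:
        # Flawed order: the password is verified first, so a denied host still
        # gets a yes/no answer for every guess and the lockout slows nothing.
        if self._check_password(candidate):
            return True
        if self.is_denied(host, now):
            return False
        self._record_failure(host, now)
        return False

    def login_fixed(self, host: str, candidate: str, now: int) -> bool:
        # Correct order: a denied host is rejected before the password is
        # even looked at, so guesses from it yield no information.
        if self.is_denied(host, now):
            return False
        if self._check_password(candidate):
            return True
        self._record_failure(host, now)
        return False
```

Driving both methods with five wrong guesses and then the right password from the same host shows the difference: the vulnerable ordering still runs the hash and still accepts the correct guess while the host is denied, whereas the fixed ordering runs no hash at all until the block expires.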
GHSA-Q2RQ-QGCF-M22W web2py remote code execution via hardcoded encryption key in session.connect function
The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function...
GHSA-JR83-VR4J-MP6P web2py exposure of sensitive information
web2py before 2.14.2 allows remote attackers to obtain the session_cookie_key value via a direct request to examples/simpleexamples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957...
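The two entries above (a key hardcoded into the shipped sample application, and the session key readable from a status page) share one failure: a signature over serialized session data only authenticates anything while the key is secret. The block below is an added illustration for this page, not code from web2py; `secure_dumps`, `secure_loads` and `HARDCODED_KEY` are names chosen here, and the payload format is JSON rather than the pickle-based loader the advisories refer to, so that a forged blob yields only a forged session rather than code execution.

```python
"""Signed-session loader: why a shared or leaked key makes the check useless.

Added example for illustration; not web2py's own session code.
"""
import base64
import hashlib
import hmac
import json
import os

# Constructed stand-in for a key baked into a sample application and therefore
# identical on every install (and trivially readable from the source).
HARDCODED_KEY = b"sample-app-key-shared-by-every-install"


def _sign(key: bytes, body: bytes) -> str:
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def secure_dumps(key: bytes, obj) -> str:
    """Serialize obj and append an HMAC over the encoded body."""
    body = base64.b64encode(json.dumps(obj, sort_keys=True).encode()).decode()
    return body + ":" + _sign(key, body.encode())


def secure_loads(key: bytes, blob: str):
    """Return the object if the HMAC verifies under key, else None."""
    try:
        body, sig = blob.rsplit(":", 1)
    except ValueError:
        return None
    if not hmac.compare_digest(sig, _sign(key, body.encode())):
        return None
    return json.loads(base64.b64decode(body))


def forge_with_known_key(key: bytes, obj) -> str:
    """Everything an attacker needs once the key is known: the same routine."""
    return secure_dumps(key, obj)


def fresh_key() -> bytes:
    """Per-install random key, generated at deploy time rather than shipped."""
    return os.urandom(32)


def key_is_weak(key: bytes) -> bool:
    """Deployment check: refuse the shipped default or an obviously short key."""
    return key == HARDCODED_KEY or len(key) < 16
```

The verification code is identical in both cases; what changes is only whether the attacker can run `forge_with_known_key`. With `HARDCODED_KEY` they can mint an administrator session that verifies, while the same forged blob is rejected under a key from `fresh_key()`. The `key_is_weak` check is the one to run at startup: a framework that ships a default key should refuse to serve sessions until it has been replaced.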
Ubuntu 16.04 LTS : web2py vulnerabilities (USN-4030-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4030-1 advisory. It was discovered that web2py does not properly check denied hosts before verifying passwords. An attacker could possibly use this issue to perform...
Ubuntu: Security Advisory (USN-4030-1)
The remote host is missing an update for the web2py package(s) announced via the USN-4030-1 advisory...
USN-4030-1 web2py vulnerabilities
It was discovered that web2py does not properly check denied hosts before verifying passwords. An attacker could possibly use this issue to perform brute-force attacks. (CVE-2016-10321) It was discovered that web2py allows remote attackers to obtain environment variable values. An attacker could...
web2py environment variable value vulnerability
web2py is an open-source web framework written in Python that supports rapid development of database-driven web applications. A security vulnerability exists in web2py versions prior to 2.14.1. When the standalone version is used, an attacker can exploit the vulnerability by...
web2py sample Web application command execution vulnerability
web2py is an open-source web framework written in Python that supports rapid development of database-driven web applications. The sample web application is one of its web application templates. A security vulnerability exists in the sample web application in versions of web2py prior to...
web2py Arbitrary Code Execution Vulnerability
web2py is an open-source web framework written in Python that supports rapid development of database-driven web applications. A security vulnerability exists in the 'secure_load' function of the gluon/utils.py file in versions of web2py prior to 2.14.2, which stems from the...
web2py Information Disclosure Vulnerability
web2py is an open-source web framework written in Python that supports rapid development of database-driven web applications. A security vulnerability exists in web2py versions prior to 2.14.2. A remote attacker can exploit this vulnerability by sending a direct request to...
CVE-2016-3953
The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function...
CVE-2016-3952
web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to examples/templateexamples/beautify. NOTE: this issue can be leveraged by remote attackers to gain administrative access...
Hardcoded credentials
The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function...
Design/Logic Flaw
web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to examples/templateexamples/beautify. NOTE: this issue can be leveraged by remote attackers to gain administrative access...
Design/Logic Flaw
web2py before 2.14.2 allows remote attackers to obtain the session_cookie_key value via a direct request to examples/simpleexamples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957...