1738 matches found
Crlf injection
The administrative interface contrib.admin in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a tofield...
CVE-2014-0483
The administrative interface contrib.admin in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a tofield...
CVE-2014-0483
Django CVE-2014-0483 affects the admin (contrib.admin) and arises from failing to validate whether a field represents a model relationship. This allows remote authenticated users to obtain sensitive information via a to_field parameter in a popup action on an admin change form (noted example: /ad...
CVE-2014-0483
The administrative interface contrib.admin in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a tofield...
[SECURITY] [DSA 3010-1] python-django security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3010-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso August 22, 2014 http://www.debian.org/security/faq -...
[SECURITY] [DSA 3010-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3010-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso August 22, 2014 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 3010-1 (python-django - security update)
Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-0480 Florian Apolloner discovered that in certain situations, URL reversing could generate scheme-relative...
DSA-3010-1 python-django - security update
Bulletin has no description...
django -- multiple vulnerabilities
The Django project reports: These releases address an issue with reverse generating external URLs; a denial of service involving file uploads; a potential session hijacking issue in the remote-user middleware; and a data leak in the administrative interface. We encourage all users of Django to...
CVE-2014-3339
The CVE-2014-3339 issue affects Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS). The root cause is insufficient sanitization of user-supplied input in the administrative web interface, enabling an authenticated, remote attacker to perform SQL injection on unspec...
Sysax <= 5.62 Admin Interface Local Buffer Overflow
No description provided by source. !/usr/bin/python Title: Sysax = 5.62 Admin Interface Local Buffer Overflow Author: Craig Freyman @cd1zz Tested on: XP SP3 32bit Date Discovered: June 15, 2012 Vendor Contacted: June 19, 2012 Details:...
FortiGate Firewall 2.x dlg Admin Interface XSS
No description provided by source. source: http://www.securityfocus.com/bid/9033/info Multiple cross-site scripting vulnerabilities have been reported in the FortiGate Firewall web administrative interface. These issues could be exploited by enticing an administrative user to follow a malicious...
MyAuth3 - Blind SQL Injection
No description provided by source. Exploit Title: MyAuth3 Blind SQL Injection / Root Shell Access 0day exploit Google Dork: allinurl:1881/?console=panel Date: 09/06/2011 Author: Marcio Almeida marcioatalligatorteamdot org | @marcioalm Version: 3.0 Tested on: Linux EDB-Note: apparently no true...
Netgear ProSafe - Denial of Service Vulnerability
No description provided by source. !/usr/bin/python Netgear ProSafe - CVE-2013-4776 PoC written by Juan J. Guelfo @ Encripto AS [email protected] Copyright 2013 Encripto AS. All rights reserved. This software is licensed under the FreeBSD license. http://www.encripto.no/tools/license.php import sy...
AWBS 2.9.2 (cart.php) Blind SQL Injection Vulnerability
No description provided by source. AWBS 2.9.2 Blind SQL Injection 0day ============================================================================================= Dork....: inurl:/cart?ca=addother&oid= Date....: 01-16-2011 Author..: ShivX Contact.: shivanxatgmaildotcom Vendor..:...
eXtremail <= 2.1.1 (LOGIN) Remote Stack Overflow Exploit
No description provided by source. / extremail-v4.c Copyright c 2006 by [email protected] eXtremail =2.1.1 remote root exploit x86-lnx by mu-b - Sun Oct 08 2006 - Tested on: eXtremail 2.1.1 lnx Overflow in LOGIN command of admin interface. - Private Source Code -DO NOT DISTRIBUTE -...
NETGEAR Wireless Cable Modem Gateway Auth Bypass and CSRF
No description provided by source. Sense of Security - Security Advisory - SOS-11-011 Release Date. 20-Sep-2011 Last Update. - Vendor Notification Date. 22-Mar-2011 Product. NETGEAR Wireless Cable Modem Gateway CG814WG Affected versions. Hardware 1.03, Software V3.9.26 R14 verified, possibly othe...
Softbiz Classifieds Script admin/index.php msg Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/32569/info Softbiz Classifieds Script is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary scri...
FortiGate Firewall 2.x listdel Admin Interface XSS
No description provided by source. source: http://www.securityfocus.com/bid/9033/info Multiple cross-site scripting vulnerabilities have been reported in the FortiGate Firewall web administrative interface. These issues could be exploited by enticing an administrative user to follow a malicious...
Tektronix Phaser 740/750/850/930 Network Printer Administration Interface Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2659/info A remote vulnerability exists in Tektronix Phaser network printers in the 7xx, 8xx, and 9xx series. An attacker with access to the printer's local network or, if no firewall is in place, any attacker can reach t...