1734 matches found
PYSEC-2014-27
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface...
CVE-2012-5485
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface...
CVE-2012-5485
CVE-2012-5485 affects Plone (as part of conga/luci) where registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote code execution via the admin interface. Root cause is improper handling in the RestrictedPython sandbox when processing admin actions, enabling a remote attacke...
[SECURITY] [DLA 65-1] python-django security update
Package : python-django Version : 1.2.3-3+squeeze11 CVE ID : CVE-2014-0480 CVE-2014-0481 CVE-2014-0482 CVE-2014-0483 This update address an issue with reverse generating external URLs; a denial of service involving file uploads; a potential session hijacking issue in the remote-user middleware; a...
CVE-2012-6659
Cross-site scripting XSS vulnerability in the admin interface in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...
Cross site scripting
Cross-site scripting XSS vulnerability in the admin interface in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...
CVE-2012-6659
Phorum prior to version 5.2.19 is affected by a cross-site scripting (XSS) vulnerability in the admin interface that allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Root cause details are not further described in the provided documents beyond the XSS in the admin...
CVE-2012-6659
Cross-site scripting XSS vulnerability in the admin interface in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...
PT-2014-2312 · Plone +1 · Plone +1
Name of the Vulnerable Software and Affected Versions: Plone versions prior to 4.2.3 Plone version 4.3 before beta 1 Description: The issue allows remote attackers to execute Python code via unspecified vectors, related to the admin interface. This is possible due to a problem in the...
McAfee Web Gateway Information Disclosure Vulnerability
McAfee Web Gateway is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2014-0152
Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors...
Session fixation
Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors...
CVE-2014-0152
CVE-2014-0152 affects oVirt Web Admin Interface (3.4.0 and earlier). Root cause: after authentication, a new session ID is not generated and session IDs may be stored in HTML5 local storage, not protected by same-origin policy. This enables a remote attacker to hijack a logged-in user’s session v...
PT-2014-3504 · Ovirt · Ovirt
Name of the Vulnerable Software and Affected Versions: oVirt versions 3.4.0 and earlier Description: A session fixation issue in the web admin interface allows remote attackers to hijack web sessions. Recommendations: For versions 3.4.0 and earlier, update to a version later than 3.4.0 to resolve...
F5 BIG-IP 11.5.1 Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Reflected Cross-Site Scripting product: F5 BIG-IP vulnerable version: 11.6.0 impact: Medium CVE number: CVE-2014-4023...
CVE-2014-0483
The administrative interface contrib.admin in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a tofield...
Crlf injection
The administrative interface contrib.admin in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a tofield...
CVE-2014-0483
Django CVE-2014-0483 affects the admin (contrib.admin) and arises from failing to validate whether a field represents a model relationship. This allows remote authenticated users to obtain sensitive information via a to_field parameter in a popup action on an admin change form (noted example: /ad...
CVE-2014-0483
The administrative interface contrib.admin in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a tofield...
CVE-2014-0483
The administrative interface contrib.admin in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a tofield...