[SECURITY] [DSA 3010-1] python-django security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3010-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso August 22, 2014 http://www.debian.org/security/faq -...

[SECURITY] [DSA 3010-1] python-django security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3010-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso August 22, 2014 http://www.debian.org/security/faq -...

DSA-3010-1 python-django - security update

Bulletin has no description...

Debian Security Advisory DSA 3010-1 (python-django - security update)

Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-0480 Florian Apolloner discovered that in certain situations, URL reversing could generate scheme-relative...

django -- multiple vulnerabilities

The Django project reports: These releases address an issue with reverse generating external URLs; a denial of service involving file uploads; a potential session hijacking issue in the remote-user middleware; and a data leak in the administrative interface. We encourage all users of Django to...

CVE-2014-3339

The CVE-2014-3339 issue affects Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS). The root cause is insufficient sanitization of user-supplied input in the administrative web interface, enabling an authenticated, remote attacker to perform SQL injection on unspec...

eXtremail <= 2.1.1 (LOGIN) Remote Stack Overflow Exploit

No description provided by source. / extremail-v4.c Copyright c 2006 by [email protected] eXtremail =2.1.1 remote root exploit x86-lnx by mu-b - Sun Oct 08 2006 - Tested on: eXtremail 2.1.1 lnx Overflow in LOGIN command of admin interface. - Private Source Code -DO NOT DISTRIBUTE -...

Netgear ProSafe - Denial of Service Vulnerability

No description provided by source. !/usr/bin/python Netgear ProSafe - CVE-2013-4776 PoC written by Juan J. Guelfo @ Encripto AS [email protected] Copyright 2013 Encripto AS. All rights reserved. This software is licensed under the FreeBSD license. http://www.encripto.no/tools/license.php import sy...

Sun Java Web Server 7.0 u7 Admin Interface DoS

No description provided by source. Sun Java Web Sever 7.0 u7 Admin Interface DOS Software Package sjsws-70u7-windows-i586.zip 4fb8d1fb700d5649234a2891a4ecedea While attempting to verify http://www.exploit-db.com/exploits/14194/ which was not verified, I stumbled across this semi amusing DOS:...

Tektronix Phaser 740/750/850/930 Network Printer Administration Interface Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2659/info A remote vulnerability exists in Tektronix Phaser network printers in the 7xx, 8xx, and 9xx series. An attacker with access to the printer's local network or, if no firewall is in place, any attacker can reach t...

FortiGate Firewall 2.x listdel Admin Interface XSS

No description provided by source. source: http://www.securityfocus.com/bid/9033/info Multiple cross-site scripting vulnerabilities have been reported in the FortiGate Firewall web administrative interface. These issues could be exploited by enticing an administrative user to follow a malicious...

FortiGate Firewall 2.x dlg Admin Interface XSS

No description provided by source. source: http://www.securityfocus.com/bid/9033/info Multiple cross-site scripting vulnerabilities have been reported in the FortiGate Firewall web administrative interface. These issues could be exploited by enticing an administrative user to follow a malicious...

MyAuth3 - Blind SQL Injection

No description provided by source. Exploit Title: MyAuth3 Blind SQL Injection / Root Shell Access 0day exploit Google Dork: allinurl:1881/?console=panel Date: 09/06/2011 Author: Marcio Almeida marcioatalligatorteamdot org | @marcioalm Version: 3.0 Tested on: Linux EDB-Note: apparently no true...

AWBS 2.9.2 (cart.php) Blind SQL Injection Vulnerability

No description provided by source. AWBS 2.9.2 Blind SQL Injection 0day ============================================================================================= Dork....: inurl:/cart?ca=addother&oid= Date....: 01-16-2011 Author..: ShivX Contact.: shivanxatgmaildotcom Vendor..:...

Sysax <= 5.62 Admin Interface Local Buffer Overflow

No description provided by source. !/usr/bin/python Title: Sysax = 5.62 Admin Interface Local Buffer Overflow Author: Craig Freyman @cd1zz Tested on: XP SP3 32bit Date Discovered: June 15, 2012 Vendor Contacted: June 19, 2012 Details:...

Softbiz Classifieds Script admin/index.php msg Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/32569/info Softbiz Classifieds Script is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary scri...

NETGEAR Wireless Cable Modem Gateway Auth Bypass and CSRF

No description provided by source. Sense of Security - Security Advisory - SOS-11-011 Release Date. 20-Sep-2011 Last Update. - Vendor Notification Date. 22-Mar-2011 Product. NETGEAR Wireless Cable Modem Gateway CG814WG Affected versions. Hardware 1.03, Software V3.9.26 R14 verified, possibly othe...

ovirt-engine-webadmin: session fixation

Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors...

CVE-2014-2084

Skybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 does not properly restrict access to the Admin interface, which allows remote attackers to obtain sensitive information via a request to 1 scripts/commands/getSystemInformation or 2...

CVE-2014-2084

Skybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 does not properly restrict access to the Admin interface, which allows remote attackers to obtain sensitive information via a request to 1 scripts/commands/getSystemInformation or 2...