7667 matches found
WSO2 Carbon Products Detection (HTTP)
HTTP based detection of WSO2 Carbon products. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
Django CSRF Bypass vulnerability analysis (CVE-2016-7401) - vulnerability warning - the black bar safety net
Author: p0wd3r (Knownsec 404 Security Lab) Date: 2016-09-28 0x00 Vulnerability overview 1. Vulnerability description Django is an open source Web application framework written in Python. Two years ago, researchers submitted on HackerOne a way to use Google Analytics to bypass Django's CSRF...
[SECURITY] [DLA DLA-649-1] python-django security update
Package : python-django Version : 1.4.22-1+deb7u1 CVE ID : CVE-2016-7401 It was discovered that there was a possible CSRF protection bypass on sites that use Google Analytics in python-django, a High-level Python web development framework. More information can be found in the upstream announcemen...
DLA-649-1 python-django - security update
Bulletin has no description...
Django CSRF Bypass (CVE-2016-7401) vulnerability analysis - vulnerability warning - the black bar safety net
Author: p0wd3r (Knownsec 404 Security Lab) Date: 2016-09-28 0x00 Vulnerability overview 1. Vulnerability description Django is an open source Web application framework written in Python. Two years ago, researchers submitted on HackerOne a way to use Google Analytics to bypass Django's CSRF...
Updated python-django packages fix security vulnerability
CVE-2016-7401: CSRF protection bypass on a site with Google Analytics An interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection...
MGASA-2016-0334 Updated python-django packages fix security vulnerability
CVE-2016-7401: CSRF protection bypass on a site with Google Analytics An interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection...
DEBIAN-CVE-2016-7401
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies...
CVE-2016-7401
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies...
PYSEC-2016-3
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies...
Cross site request forgery (csrf)
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies...
PYSEC-2016-3
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies...
CVE-2016-7401
The CVE describes a CSRF protection bypass in Django caused by the interaction between Google Analytics and Django’s cookie parsing. Affected versions are Django before 1.8.15 and 1.9.x before 1.9.10. Multiple connected advisories confirm the issue and provide remediation guidance: upgrading to a...
CVE-2016-7401
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies...
CVE-2016-7401
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies...
osquery - SQL powered operating system instrumentation, monitoring, and analytics
osquery is an operating system instrumentation framework for OS X and Linux. The tools make low-level operating system analytics and monitoring both performant and intuitive. Platform | Build status | | | ---|---|---|---|--- OS X 10.9 | | | Homepage: | https://osquery.io OS X 10.10/11 | | |...
Django CSRF Bypass (CVE-2016-7401)
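Author: p0wd3r (Knownsec 404 Security Lab) Date: 2016-09-28 0x00 Vulnerability overview 1. Vulnerability summary Django is an open source Web application framework written in Python. Two years ago, a researcher submitted a vulnerability on HackerOne that uses Google Analytics to bypass Django's CSRF protection mechanism: "CSRF protection bypass on any Django powered site via Google Analytics". With this vulnerability, when a website uses Django as its Web framework and has Django's CSRF protection mechanism enabled, and also uses Google...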
Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
Description Apache MyFaces Trinidad is prone to a security vulnerability. Successfully exploiting this issue allows attackers to obtain sensitive information or execute arbitrary code in the context of the affected application. Apache MyFaces Trinidad 1.2.14-core, 1.0.13-core, 2.0.1-core and...
CVE-2016-7401 - Django CSRF Defense bypass vulnerability analysis - vulnerability warning - the black bar safety net
Django fixed this vulnerability yesterday: https://www.djangoproject.com/weblog/2016/sep/26/security-releases/ In fact, a similar issue came up last year and was reported to Twitter: https://hackerone.com/reports/14883 The vulnerability is composed of the following components. 0x01 by the Google Analytics...
FreeBSD : django -- CSRF protection bypass on a site with Google Analytics (bb022643-84fb-11e6-a4a1-60a44ce6887b)
Django Software Foundation reports: An interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. (C) Tenable Network Security, Inc. The descriptive text and package checks in this...