Lucene search

7667 matches found

OpenVAS
added 2016/10/10 12:00 a.m., 15 views

WSO2 Carbon Products Detection (HTTP)

HTTP based detection of WSO2 Carbon products. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

7 AI score
Exploits 0, References 1
myhack58
added 2016/10/09 12:00 a.m., 24 views

Django CSRF Bypass vulnerability analysis (CVE-2016-7401) - vulnerability warning - the black bar safety net

Author: p0wd3r know Chong Yu 404 Security lab Date: 2016-09-28 0x00 vulnerability overview 1. Vulnerability description Django is a Python written open source Web application framework. Two years ago researchers at hackerone on the submission of a use of Google Analytics to bypass Django's CSRF...

0.2 AI score
Exploits 0
Debian
added 2016/10/06 9:23 p.m., 25 views

[SECURITY] [DLA DLA-649-1] python-django security update

Package : python-django Version : 1.4.22-1+deb7u1 CVE ID : CVE-2016-7401 It was discovered that there was a possible CSRF protection bypass on sites that use Google Analytics in python-django, a High-level Python web development framework. More information can be found in the upstream announcemen...

7.5 CVSS, 5.3 AI score, 0.0613 EPSS
Exploits 1
OSV
added 2016/10/06 12:00 a.m., 13 views

DLA-649-1 python-django - security update

Bulletin has no description...

7.5 CVSS, 7.5 AI score, 0.0613 EPSS
Exploits 1
myhack58
added 2016/10/05 12:00 a.m., 35 views

Django CSRF Bypass (CVE-2016-7401) vulnerability analysis - vulnerability warning - the black bar safety net

Author: p0wd3r know Chong Yu 404 Security lab Date: 2016-09-28 0x00 vulnerability overview 1. Vulnerability description Django is a Python written open source Web application framework. Two years ago researchers at hackerone on the submission of a use of Google Analytics to bypass Django's CSRF...

Exploits 0
Mageia
added 2016/10/04 12:20 p.m., 41 views

Updated python-django packages fix security vulnerability

CVE-2016-7401: CSRF protection bypass on a site with Google Analytics An interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection...

7.5 CVSS, 5.6 AI score, 0.0613 EPSS
Exploits 1, References 2
OSV
added 2016/10/04 12:20 p.m., 4 views

MGASA-2016-0334 Updated python-django packages fix security vulnerability

CVE-2016-7401: CSRF protection bypass on a site with Google Analytics An interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection...

7.5 CVSS, 7.5 AI score, 0.0613 EPSS
Exploits 1, References 3
OSV
added 2016/10/03 6:59 p.m., 1 view

DEBIAN-CVE-2016-7401

The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies...

7.5 CVSS, 7.3 AI score, 0.0613 EPSS
Exploits 1, References 1
OSV
added 2016/10/03 6:59 p.m., 7 views

CVE-2016-7401

The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies...

7.5 CVSS, 7.5 AI score
Exploits 0, References 11
PyPA
added 2016/10/03 6:59 p.m., 5 views

PYSEC-2016-3

The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies...

7.5 CVSS, 7.2 AI score, 0.0613 EPSS
Exploits 1, References 12, Affected Software 1
Prion
added 2016/10/03 6:59 p.m., 17 views

Cross site request forgery (csrf)

The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies...

5 CVSS, 7.2 AI score, 0.0613 EPSS
Exploits 1, References 11, Affected Software 3
OSV
added 2016/10/03 6:59 p.m., 2 views

PYSEC-2016-3

The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies...

7.5 CVSS, 7 AI score, 0.0613 EPSS
Exploits 1, References 12
CVE
added 2016/10/03 6:00 p.m., 440 views

CVE-2016-7401

The CVE describes a CSRF protection bypass in Django caused by the interaction between Google Analytics and Django’s cookie parsing. Affected versions are Django before 1.8.15 and 1.9.x before 1.9.10. Multiple connected advisories confirm the issue and provide remediation guidance: upgrading to a...

7.5 CVSS, 7.5 AI score, 0.0613 EPSS
Exploits 1, References 11, Affected Software 1
Cvelist
added 2016/10/03 6:00 p.m., 39 views

CVE-2016-7401

The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies...

7.6 AI score, 0.0613 EPSS
Exploits 1, References 11
Debian CVE
added 2016/10/03 6:00 p.m., 67 views

CVE-2016-7401

The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies...

7.5 CVSS, 7.9 AI score, 0.0613 EPSS
Exploits 1
Kitploit
added 2016/10/02 2:12 p.m., 47 views

osquery - SQL powered operating system instrumentation, monitoring, and analytics

osquery is an operating system instrumentation framework for OS X and Linux. The tools make low-level operating system analytics and monitoring both performant and intuitive. Platform | Build status | | | ---|---|---|---|--- OS X 10.9 | | | Homepage: | https://osquery.io OS X 10.10/11 | | |...

7.6 AI score
Exploits 0, References 1
seebug.org
added 2016/09/29 12:00 a.m., 60 views

Django CSRF Bypass (CVE-2016-7401)

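Author: p0wd3r, Knownsec 404 Security Lab Date: 2016-09-28 0x00 Vulnerability overview 1. Vulnerability summary Django is an open-source web application framework written in Python. Two years ago a researcher submitted on hackerone a vulnerability that uses Google Analytics to bypass Django's CSRF protection mechanism, "CSRF protection bypass on any Django powered site via Google Analytics". Through this vulnerability, when a site uses Django as its web framework and has Django's CSRF protection mechanism enabled, and at the same time also uses Google...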

5 CVSS, 7.7 AI score, 0.0613 EPSS
Exploits 1
Symantec
added 2016/09/29 12:00 a.m., 194 views

Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability

Description: Apache MyFaces Trinidad is prone to a security vulnerability. Successfully exploiting this issue allows attackers to obtain sensitive information or execute arbitrary code in the context of the affected application. Apache MyFaces Trinidad 1.2.14-core, 1.0.13-core, 2.0.1-core and...

7.5 CVSS, 1 AI score, 0.07958 EPSS
Exploits 1, References 4, Affected Software 7
myhack58
added 2016/09/28 12:00 a.m., 21 views

CVE-2016-7401 - Django CSRF Defense bypass vulnerability analysis - vulnerability warning - the black bar safety net

Django yesterday fixes this vulnerability: https://www.djangoproject.com/weblog/2016/sep/26/security-releases/ In fact, last year had similar issues, report it to Twitter https://hackerone.com/reports/14883 that vulnerability is composed of the following components. 0x01 by the Google Analytics...

0.6 AI score
Exploits 0
Tenable Nessus
added 2016/09/28 12:00 a.m., 44 views

FreeBSD : django -- CSRF protection bypass on a site with Google Analytics (bb022643-84fb-11e6-a4a1-60a44ce6887b)

Django Software Foundation reports: An interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. (C) Tenable Network Security, Inc. The descriptive text and package checks in this...

7.5 CVSS, 7.1 AI score, 0.0613 EPSS
Exploits 1, References 3