7 matches found
GHSA-JR83-VR4J-MP6P web2py exposure of sensitive information
web2py before 2.14.2 allows remote attackers to obtain the sessioncookiekey value via a direct request to examples/simpleexamples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957...
web2py exposure of sensitive information
web2py before 2.14.2 allows remote attackers to obtain the sessioncookiekey value via a direct request to examples/simpleexamples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957...
Ubuntu: Security Advisory (USN-4030-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Design/Logic Flaw
web2py before 2.14.2 allows remote attackers to obtain the sessioncookiekey value via a direct request to examples/simpleexamples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957...
CVE-2016-3954
web2py before 2.14.2 allows remote attackers to obtain the sessioncookiekey value via a direct request to examples/simpleexamples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957...
CVE-2016-3957
Web2py
CVE-2016-3954
web2py before 2.14.2 allows remote attackers to obtain the sessioncookiekey value via a direct request to examples/simpleexamples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957...