Lucene search
K

22 matches found

OpenVAS
OpenVAS
added 2020/06/23 12:0 a.m.33 views

Fedora: Security Advisory for python-django (FEDORA-2020-2e7d30f7aa)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS7.3AI score0.65336EPSS
Exploits15References2
Tenable Nessus
Tenable Nessus
added 2020/05/01 12:0 a.m.79 views

GLSA-202004-17 : Django: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202004-17 Django: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Django. Please review the CVE identifiers referenced below for details. Impact : A remote attacker, by sending specially crafted input,...

9.8CVSS6.7AI score0.65336EPSS
Exploits15References10
GithubExploit
GithubExploit
added 2020/01/18 1:32 p.m.165 views

Exploit for Weak Password Recovery Mechanism for Forgotten Password in Djangoproject Django

djangocve201919844poc PoC for CVE-2019-19844https://ww...

9.8CVSS0.4AI score0.3481EPSS
Exploits7
Tenable Nessus
Tenable Nessus
added 2020/01/17 12:0 a.m.38 views

Fedora 31 : python-django (2020-adb4f0143a)

fix CVE-2019-19844 rhbz1788426 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network...

9.8CVSS6.8AI score0.3481EPSS
Exploits7References2
vulnersOsv
vulnersOsv
added 2020/01/16 10:35 p.m.4 views

atila-vue (>=0.1.3 <=0.1.3.5), contrail (>=0.3.0 <=1.0.2) +27 more potentially affected by CVE-2019-19844 via django (>=3.0.0 <=3.0.0rc1)

django PYPI version =3.0.0, =0.1.3, =0.3.0, =0.1.1, =0.0.1, =0.0.1, =0.2.1, =0.8.0, =0.7.0, =0.10.0, =0.5.0, =0.6.4 and more Source cves: CVE-2019-19844 Source advisory: OSV:GHSA-VFQ6-HQ5R-27R6...

9.8CVSS6.7AI score0.3481EPSS
Exploits7
vulnersOsv
vulnersOsv
added 2020/01/16 10:35 p.m.4 views

a3m (=0.1.0), aa-fleet (>=1.0.0 <=1.1.0) +799 more potentially affected by CVE-2019-19844 via django (>=2.0.0 <=2.2.8)

django PYPI version =2.0.0, =1.0.0, =1.1.12, =0.1.0a0, =0.1.0a0, =1.2.0a1, =2.0.0, =0.1.0, =1.1.0, =1.4.1, =1.6.0 - aiida-crystal17 =0.11.0 and more Source cves: CVE-2019-19844 Source advisory: OSV:GHSA-VFQ6-HQ5R-27R6...

9.8CVSS6.6AI score0.3481EPSS
Exploits7
Tenable Nessus
Tenable Nessus
added 2020/01/08 12:0 a.m.35 views

Debian DSA-4598-1 : python-django - security update

Simon Charette reported that the password reset functionality in Django, a high-level Python web development framework, uses a Unicode case-insensitive query to retrieve accounts matching the email address requesting the password reset. An attacker can take advantage of this flaw to potentially...

9.8CVSS6.9AI score0.3481EPSS
Exploits7References7
Debian
Debian
added 2020/01/07 9:36 p.m.45 views

[SECURITY] [DSA 4598-1] python-django security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4598-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 07, 2020 https://www.debian.org/security/faq -...

5CVSS1.6AI score0.3481EPSS
Exploits7
Debian
Debian
added 2020/01/07 9:36 p.m.98 views

[SECURITY] [DSA 4598-1] python-django security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4598-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 07, 2020 https://www.debian.org/security/faq -...

9.8CVSS9.5AI score0.3481EPSS
Exploits7
GithubExploit
GithubExploit
added 2019/12/25 10:5 a.m.108 views

Exploit for Weak Password Recovery Mechanism for Forgotten Password in Djangoproject Django

djangocve201919844poc PoC for CVE-2019-19844https://www...

9.8CVSS9.6AI score0.3481EPSS
Exploits7
Circl
Circl
added 2019/12/24 12:0 a.m.33 views

CVE-2019-19844

creationtimestamp| type| source ---|---|--- 2019-12-24 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/47879 2019-12-25 17:34:13+00:00| published-proof-of-concept| https://t.me/antichat/7495 2019-12-25 17:50:39+00:00| published-proof-of-concept| https://t.me/thebugbountyhunter/3584...

9.8CVSS6.7AI score0.3481EPSS
Exploits7References6
0day.today
0day.today
added 2019/12/24 12:0 a.m.117 views

Django < 3.0 < 2.2 < 1.11 - Account Hijack Vulnerability

Exploit for python platform in category web applications Django from django.contrib.auth import getusermodel User = getusermodel User.objects.createuser'mike123', 'email protected', 'test123' Procedure For Reproducing 1. Run ./manage.py runserver 1. Open...

5CVSS0.6AI score0.3481EPSS
Exploits7
Exploit DB
Exploit DB
added 2019/12/24 12:0 a.m.154 views

Django &lt; 3.0 &lt; 2.2 &lt; 1.11 - Account Hijack

EDB Note Download: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47879.zip djangocve201919844poc PoC for CVE-2019-19844 Requirements - Python 3.7.x - PostgreSQL 9.5 or higher Setup 1. Create databasee.g. djangocve201919844poc 1. Set the database name to the...

9.8CVSS9.6AI score0.3481EPSS
Exploits7
exploitpack
exploitpack
added 2019/12/24 12:0 a.m.58 views

Django 3.0 2.2 1.11 - Account Hijack

Django 3.0 2.2 1.11 - Account Hijack EDB Note Download: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47879.zip djangocve201919844poc PoC for CVE-2019-19844 Requirements - Python 3.7.x - PostgreSQL 9.5 or higher Setup 1. Create databasee.g. djangocve201919844p...

5CVSS9.6AI score0.3481EPSS
Exploits7
GithubExploit
GithubExploit
added 2019/12/21 4:30 a.m.111 views

Exploit for Weak Password Recovery Mechanism for Forgotten Password in Djangoproject Django

djangocve201919844poc PoC for CVE-2019-19844https://www...

9.8CVSS9.6AI score0.3481EPSS
Exploits7
OpenVAS
OpenVAS
added 2019/12/19 12:0 a.m.43 views

Django Account Hijacking Vulnerability - Windows

Django is prone to an account hijacking vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:djangoproject:django";...

9.8CVSS9.5AI score0.3481EPSS
Exploits7References1
OSV
OSV
added 2019/12/18 7:15 p.m.2 views

DEBIAN-CVE-2019-19844

Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address that is equal to an existing user's email address after case transformation of Unicode characters would allow an attacker to be sent a password reset token for the matched user...

9.8CVSS6.8AI score0.3481EPSS
Exploits7References1
vulnersOsv
vulnersOsv
added 2019/12/18 7:15 p.m.4 views

acclaim-badges (=0.1.0), admindjango-ckeditor-blog (=0.1.0) +158 more potentially affected by CVE-2019-19844 via django (>=1.10.0 <=1.11.26)

django PYPI version =1.10.0, =0.2.0.dev20181221, =0.1.0b2696.post0.dev1, =0.2.1, =3.1.4, =2.0.0, =0.3.1, =0.0.19, =0.0.24 and more Source cves: CVE-2019-19844 Source advisory: OSV:PYSEC-2019-16...

9.8CVSS6.7AI score0.3481EPSS
Exploits7
vulnersOsv
vulnersOsv
added 2019/12/18 7:15 p.m.10 views

a3m (=0.1.0), aa-fleet (>=1.0.0 <=1.1.0) +673 more potentially affected by CVE-2019-19844 via django (>=2.2.0 <=2.2.8)

django PYPI version =2.2.0, =1.0.0, =1.1.12, =0.1.0a0, =0.1.0a0, =1.2.0a1, =2.0.0, =0.1.0, =1.1.0, =1.4.1, =1.6.0 - aiida-crystal17 =0.11.0 and more Source cves: CVE-2019-19844 Source advisory: OSV:PYSEC-2019-16...

9.8CVSS6.6AI score0.3481EPSS
Exploits7
Debian CVE
Debian CVE
added 2019/12/18 6:7 p.m.34 views

CVE-2019-19844

Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address that is equal to an existing user's email address after case transformation of Unicode characters would allow an attacker to be sent a password reset token for the matched user...

9.8CVSS7.6AI score0.3481EPSS
Exploits7
Rows per page
Query Builder