[SECURITY] [DLA 2622-1] python-django security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2622-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb April 09, 2021 https://wiki.debian.org/LTS -...

File Upload Vulnerability in PowerSoft's Agile Development Framework

PowerSoft Agile Development Framework is a set of software system projects based on intelligent scalable components, suitable for enterprise management software and Internet platform back-end system development, the framework provides a perfect permissions role management functions, rapid...

Debian DLA-2569-1 : python-django security update

It was discovered that there was a web cache poisoning attack in Django, a popular Python-based web development framework. This was caused by the unsafe handling of ';' characters in Python's urllib.parse.parseqsl method which had been backported to Django's codebase to fix some other security...

Debian DLA-2540-1 : python-django security update

It was discovered that there was a potential directory-traversal in Django, a Python-based web development framework. For Debian 9 'Stretch', this problem has been fixed in version 1:1.10.7-2+deb9u10. We recommend that you upgrade your python-django packages. For the detailed security status of...

CVE-2020-14764

Vulnerability in the Hyperion Planning product of Oracle Hyperion component: Application Development Framework. The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Planning...

File Upload Vulnerability in eFrameWork

eFrameWork is a development framework for B/S application and web development. A file upload vulnerability exists in eFrameWork, which can be exploited by an attacker to gain control of the web server...

Oracle Application Testing Suite Multiple Vulnerabilities (Jan 2020 CPU)

The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities : - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Oracle Flow Builder Jython. Supported versions that are affected are...

Oracle JDeveloper and ADF Unauthorized Access Vulnerability

Oracle JDeveloper is an integrated development environment that provides end-to-end support for modeling, developing, debugging, optimizing, and deploying Java applications and Web services.Oracle ADF is an end-to-end Java EE framework that simplifies application development by providing...

PT-2019-3753 · Oracle · Adf +2

Name of the Vulnerable Software and Affected Versions: Oracle JDeveloper and ADF versions 11.1.1.9.0 through 12.2.1.3.0 Description: The issue is related to insufficient access control in the OAM component of Oracle JDeveloper and ADF, allowing a remote attacker to gain unauthorized access to...

Debian: Security Advisory (DLA-1872-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Stored cross-site scripting vulnerability in WODECMS front-end ne***.cl***.php file

WODECMS is a content management system developed based on a self-developed PHP development framework. A stored cross-site scripting vulnerability exists in the WODECMS front-end ne.cl.php file. An attacker can insert malicious js code into the page to obtain user cookies and other information,...

Debian: Security Advisory (DSA-4363-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DLA-1629-1 : python-django security update

It was discovered that there was a content-spoofing vulnerability in the default 404 pages in the Django web development framework. For more information, please see : https://www.djangoproject.com/weblog/2019/jan/04/security-releases/ For Debian 8 'Jessie', this issue has been fixed in...

Debian DSA-4264-1 : python-django - security update

Andreas Hug discovered an open redirect in Django, a Python web development framework, which is exploitable ifdjango.middleware.common.CommonMiddleware is used and the APPENDSLASH setting is enabled. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

Debian: Security Advisory (DSA-4264-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 25 Update: pkgconf-1.3.9-1.fc25

pkgconf is a program which helps to configure compiler and linker flags for development frameworks. It is similar to pkg-config from freedesktop.org and handles .pc files in a similar manner as pkg-config...

USN-3254-1: Django vulnerabilities

It was discovered that Django incorrectly handled numeric redirect URLs. A remote attacker could possibly use this issue to perform XSS attacks, and to use a Django server as an open redirect. CVE-2017-7233 Phithon Gong discovered that Django incorrectly handled certain URLs when the...

Eclipse Development Framework File Inclusion Vulnerability

Eclipse is an extensible Java-based development platform that supports the development of JAVA, PHP, C++ and other languages. The Eclipse development framework has a file inclusion vulnerability that allows attackers to exploit the vulnerability to obtain sensitive information or launch further...

[SECURITY] [DSA 3544-1] python-django security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3544-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 07, 2016 https://www.debian.org/security/faq -...

Debian DLA-349-1 : python-django security update

It was discovered that there was a potential settings leak in date template filter of Django, a web-development framework. If an application allows users to specify an unvalidated format for dates and passes this format to the date filter, e.g. lastupdated|date:userdateformat , then a malicious...