98 matches found

Tenable Nessus
added 2015/07/17 12:0 a.m., 29 views

Debian DLA-272-1 : python-django security update

Several vulnerabilities were discovered in Django, a high-level Python web development framework : CVE-2015-2317 Daniel Chatfield discovered that python-django, a high-level Python web development framework, incorrectly handled user-supplied redirect URLs. A remote attacker could use this flaw to...

7.8 CVSS, 7.6 AI score, 0.15813 EPSS
Exploits 0, References 5
Tenable Nessus
added 2015/07/09 12:0 a.m., 35 views

Debian DSA-3305-1 : python-django - security update

Several vulnerabilities were discovered in Django, a high-level Python web development framework : - CVE-2015-5143 Eric Peterson and Lin Hua Cheng discovered that a new empty record used to be created in the session storage every time a session was accessed and an unknown session key was provided...

7.8 CVSS, 7.5 AI score, 0.15813 EPSS
Exploits 0, References 7
Debian
added 2015/03/24 7:30 p.m., 37 views

[SECURITY] [DSA 3204-1] python-django security update

Debian Security Advisory DSA-3204-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 24, 2015 http://www.debian.org/security/faq ...

4.3 CVSS, 5.7 AI score, 0.02884 EPSS
Exploits 0
Packet Storm
added 2015/03/03 12:0 a.m., 23 views

BEdita CMS 3.5.1 Cross Site Scripting

Affected software: BEdita CMS Type of vulnerability: cross site scripting URL: bedita.com Discovered by: Provensec Website: http://www.provensec.com Description: BEdita is a web development framework that comes with a full featured CMS out of the box. Proof of concept javascript executes on login...

Exploits 0
ThreatPost
added 2014/11/06 2:34 p.m., 36 views

November 2014 Microsoft Patch Tuesday Security Bulletins

Microsoft today provided its Patch Tuesday advanced notification, giving IT managers a heads-up about 16 bulletins that are scheduled to be delivered next week, including five rated critical for remote code execution and privilege escalation issues. The heavy patch load is an anomaly for 2014,...

9.3 CVSS, 0.9 AI score, 0.94354 EPSS
Exploits 33, References 1
seebug.org
added 2014/07/01 12:0 a.m., 14 views

OracleAS TopLink Mapping Workbench Weak Encryption Algorithm Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9515/info OracleAS TopLink Mapping Workbench is a tool included with OracleAS TopLink, a Java-based database integration development framework that is included as a component of various Oracle Application Server releases...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 13 views

Qcodo Development Framework 0.3.3 Full Info Disclosure

No description provided by source...

7.1 AI score
Exploits 0
Tenable Nessus
added 2013/09/12 12:0 a.m., 38 views

Debian DSA-2755-1 : python-django - directory traversal

Rainer Koirikivi discovered a directory traversal vulnerability with 'ssi' template tags in python-django, a high-level Python web development framework. It was shown that the handling of the 'ALLOWED_INCLUDE_ROOTS' setting, used to represent allowed prefixes for the {% ssi %} template tag, is...

5 CVSS, 5.5 AI score, 0.00983 EPSS
Exploits 2, References 4
Fedora
added 2012/06/15 12:29 p.m., 23 views

[SECURITY] Fedora 17 Update: php-symfony-symfony-1.4.18-1.fc17

Symfony is a complete framework designed to optimize the development of web applications by way of several key features. For starters, it separates a web application's business rules, server logic, and presentation views. It contains numerous tools and classes aimed at shortening the development...

4.3 CVSS, 0.4 AI score, 0.00516 EPSS
Exploits 0
myhack58
added 2011/12/26 12:0 a.m., 16 views

ThinkPHP development framework xss-vulnerability warning-the black bar safety net

Brief description: the open source PHP development framework has XSS vulnerabilities by default, so all systems developed with the framework have an XSS vulnerability. Detailed description: errors for a module that does not exist are not handled properly, leading...

7.1 AI score
Exploits 0
Tenable Nessus
added 2011/02/15 12:0 a.m., 30 views

Debian DSA-2163-1 : python-django - multiple vulnerabilities

Several vulnerabilities were discovered in the Django web development framework : - CVE-2011-0696 For several reasons the internal CSRF protection was not used to validate AJAX requests in the past. However, it was discovered that this exception can be exploited with a combination of browser...

6.8 CVSS, 6.8 AI score, 0.02962 EPSS
Exploits 1, References 6
securityvulns
added 2011/02/15 12:0 a.m., 89 views

[SECURITY] [DSA 2163-1] python-django security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Debian Security Advisory DSA-2163-1 [email protected] http://www.debian.org/security/ Nico Golde February 14, 2011 http://www.debian.org/security/faq ...

6.8 CVSS, 0.2 AI score, 0.02962 EPSS
Exploits 1
0day.today
added 2011/02/06 12:0 a.m., 58 views

Qcodo Development Framework 0.3.3 Full Info Disclosure

Exploit for php platform in category web applications Exploit Title: Qcodo Development Framework 0.3.3 Full Info Disclosure Google Dork: allintext: /qcodo/devtools/codegen.php Date: 5/02/2011 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web:...

7.1 AI score
Exploits 0
Exploit DB
added 2011/02/05 12:0 a.m., 46 views

Qcodo Development Framework 0.3.3 - Full Information Disclosure

Exploit Title: Qcodo Development Framework 0.3.3 Full Info Disclosure Google Dork: allintext: /qcodo/devtools/codegen.php Date: 5/02/2011 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Software Link: http://www.qcodo.com/ Version: Al...

7 AI score
Exploits 0
exploitpack
added 2011/02/05 12:0 a.m., 34 views

Qcodo Development Framework 0.3.3 - Full Information Disclosure

Qcodo Development Framework 0.3.3 - Full Information Disclosure Exploit Title: Qcodo Development Framework 0.3.3 Full Info Disclosure Google Dork: allintext: /qcodo/devtools/codegen.php Date: 5/02/2011 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web:...

0.2 AI score
Exploits 0
myhack58
added 2010/10/19 12:0 a.m., 18 views

Phpcms 2008 two SQL injection vulnerabilities-vulnerability warning-the black bar safety net

Phpcms is a leading web content management system, but also is an open-source PHP development framework. SQL injection a: In the file api/space.api.php: $arrcontent = $content-listinfo"userid='$userid'", $order, 1, 1 0; //line 7 Listinfo function in the file include/admin/content.class.php:...

7.5 AI score
Exploits 0
Tenable Nessus
added 2009/01/30 12:0 a.m., 38 views

Mono ASP.NET action Attribute XSS

The remote host is running Mono, an open source, UNIX implementation of the Microsoft .NET development platform. The version of Mono installed on the remote host fails to encode user-supplied input to the URL before using it for the default 'action' of a form. An attacker may be able to leverage...

4.3 CVSS, 5.8 AI score, 0.0065 EPSS
Exploits 0, References 5
securityvulns
added 2006/04/05 12:0 a.m., 35 views

[ECHO_ADV_27$2006] AngelineCMS 0.8.1 Installpath Remote File Inclusion

ECHO_ADV_27$2006: AngelineCMS 0.8.1 Installpath Remote File Inclusion. Author :...

0.2 AI score
Exploits 0