Django Admin Media Handler Vulnerable to Directory Traversal

The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL requests to expected "static media files," which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a crafted URL...

CVE-2009-2659

CVE-2009-2659 affects the Django Admin media handler in core/servers/basehttp.py for Django 1.0 and 0.96. The vulnerability arises from improper mapping of URL requests to static media files, enabling directory traversal and reading arbitrary files via a crafted URL. Descriptions in connected rec...

CVE-2009-2659

The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL requests to expected "static media files," which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a crafted URL...

CVE-2007-5828

Cross-site request forgery CSRF vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary users via a request to admin/auth/user/1/password/. NOTE: this issue has been disputed by Debian, since product documentation includes a recommendation for a CS...

CVE-2007-5828

Cross-site request forgery (CSRF) vulnerability in Django 0.96 is exposed in the admin panel, allowing remote attackers to change passwords via a request to admin/auth/user/1/password/. The issue stems from the default configuration not enabling the CSRF protection module, though Debian notes thi...