Lucene search
K

192 matches found

BDU FSTEC
BDU FSTEC
added 2020/02/27 12:0 a.m.26 views

The vulnerability of the `format()` function in the Django web development framework allows a attacker to trigger a denial-of-service attack. [source-iocs-preserved method=django.utils.numberformat.format()]

The vulnerability of the django.utils.numberformat.format function in the Django web development framework is related to uncontrolled memory consumption, which can lead to a complete exhaustion of resources. Exploiting this vulnerability may allow an attacker to cause a service failure...

7.8CVSS6.4AI score0.05399EPSS
Exploits0References9Affected Software5
CNVD
CNVD
added 2020/02/06 12:0 a.m.4 views

Django SQL Injection Vulnerability (CNVD-2020-04524)

Django is the Django Foundation's set of open source Web application framework based on the Python language . The framework includes object-oriented mapper , view system , template system and so on. A SQL injection vulnerability exists in Django versions 1.11 before 1.11.28, 2.2 before 2.2.10, an...

9.8CVSS9.1AI score0.65336EPSS
Exploits9References1
OSV
OSV
added 2020/02/03 12:15 p.m.5 views

ALPINE-CVE-2020-7471

Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter. By passing a suitably crafted delimiter...

9.8CVSS7.9AI score0.65336EPSS
Exploits9References1
Debian
Debian
added 2020/01/07 9:36 p.m.98 views

[SECURITY] [DSA 4598-1] python-django security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4598-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 07, 2020 https://www.debian.org/security/faq -...

9.8CVSS9.5AI score0.3481EPSS
Exploits7
NVD
NVD
added 2019/11/19 4:15 p.m.20 views

CVE-2011-4952

cobbler: Web interface lacks CSRF protection when using Django framework...

8.8CVSS8.8AI score0.0063EPSS
Exploits0References4
Prion
Prion
added 2019/11/19 4:15 p.m.9 views

Cross site request forgery (csrf)

cobbler: Web interface lacks CSRF protection when using Django framework...

6.8CVSS7.1AI score0.0063EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2019/11/19 4:15 p.m.18 views

CVE-2011-4952

cobbler: Web interface lacks CSRF protection when using Django framework...

8.8CVSS7.2AI score0.0063EPSS
Exploits0References1
CVE
CVE
added 2019/11/19 3:29 p.m.66 views

CVE-2011-4952

CVE-2011-4952 affects Cobbler: the web interface (when used with Django) lacks CSRF protection, enabling cross-site request forgery. This is documented across multiple sources (SUSE security page, GHSA, OSV, CNVD, and NVD references) and aligns with advisories noting the Django-based web interfac...

8.8CVSS8.6AI score0.0063EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2019/11/19 3:29 p.m.23 views

CVE-2011-4952

cobbler: Web interface lacks CSRF protection when using Django framework...

8.8AI score0.0063EPSS
Exploits0References4
Kitploit
Kitploit
added 2019/09/17 8:0 p.m.137 views

Aura-Botnet - A Super Portable Botnet Framework With A Django-based C2 Server

Aura Botnet C2 Server The botnet's C2 server utilizes the Django framework as the backend. It is far from the most efficient web server, but this is offset by the following: Django is extremely portable and therefore good for testing/educational purposes. The server and database are contained...

7.3AI score
Exploits0References5
CNVD
CNVD
added 2019/08/05 12:0 a.m.3 views

Django SQL Injection Vulnerability

Django is the Django Foundation's set of open source Web application framework based on the Python language . The framework includes object-oriented mapper , view system , template system and so on. Django has a SQL injection vulnerability that can be exploited by an attacker to execute SQL...

9.8CVSS8.3AI score0.47694EPSS
Exploits0References1
CNVD
CNVD
added 2019/08/02 12:0 a.m.3 views

Django input validation error vulnerability (CNVD-2019-35881)

Django is the Django Foundation's set of open source Web application framework based on the Python language . The framework includes object-oriented mapper , view system , template system and so on. Django suffers from an input validation error vulnerability. An attacker can exploit this...

7.5CVSS6.7AI score0.03172EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2019/07/16 12:0 a.m.7 views

The vulnerability of the `django.http.HttpRequest.scheme` component in the Django library for the Python programming language allows attackers to access protected information.

The vulnerability of the django.http.HttpRequest.scheme component in the Django library for the Python programming language is related to errors in handling HTTP requests when these are identified as HTTPS requests. Exploiting this vulnerability can allow an attacker to gain access to protected...

5.3CVSS7.2AI score0.01697EPSS
Exploits0References7Affected Software4
RedHat Linux
RedHat Linux
added 2019/02/04 11:51 p.m.6 views

django: Open redirect possibility in CommonMiddleware

When using the django.middleware.common.CommonMiddleware class with the APPENDSLASH setting enabled, Django projects which accept paths ending in a slash may be vulnerable to an unvalidated HTTP redirect...

6.1CVSS7.1AI score0.2549EPSS
Exploits0References5
OSV
OSV
added 2019/01/09 11:29 p.m.2 views

DEBIAN-CVE-2019-3498

In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.pagenotfound, leading to content spoofing in a 404 error page if a user fails to recognize th...

6.5CVSS6.7AI score0.03685EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2018/08/27 12:0 a.m.46 views

Seagate Personal Cloud SRN21C 4.3.16.0 / 4.3.18.0 - SQL Injection

------------------------------------------------------------------------ Seagate Media Server multiple SQL injection vulnerabilities ------------------------------------------------------------------------ Yorick Koster, September 2017...

7.4AI score
Exploits0
CNVD
CNVD
added 2018/08/07 12:0 a.m.5 views

Django Open Redirect Vulnerability

Django is a set of Django Software Foundation based on the Python language open source Web application framework. The framework includes object-oriented mapper , view system , template system and so on. An open redirection vulnerability exists in django.middleware.common.CommonMiddleware in Djang...

6.1CVSS5.8AI score0.2549EPSS
Exploits0References1
PyPA
PyPA
added 2018/08/03 5:29 p.m.7 views

PYSEC-2018-2

django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect...

6.1CVSS7AI score0.2549EPSS
Exploits0References7Affected Software1
CNVD
CNVD
added 2018/04/19 12:0 a.m.2 views

Zulip Server Cross-Site Scripting Vulnerability

Zulip Server is a set of open source group chat application written in Python based on the Django framework . A cross-site scripting vulnerability exists in versions of Zulip Server prior to 1.7.2. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

5.4CVSS6AI score0.00746EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2018/03/09 8:0 p.m.111 views

CVE-2018-7537

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a...

5.3CVSS5.6AI score0.0462EPSS
Exploits0
Rows per page
Query Builder