192 matches found
The vulnerability of the `format()` function in the Django web development framework allows a attacker to trigger a denial-of-service attack. [source-iocs-preserved method=django.utils.numberformat.format()]
The vulnerability of the django.utils.numberformat.format function in the Django web development framework is related to uncontrolled memory consumption, which can lead to a complete exhaustion of resources. Exploiting this vulnerability may allow an attacker to cause a service failure...
Django SQL Injection Vulnerability (CNVD-2020-04524)
Django is the Django Foundation's set of open source Web application framework based on the Python language . The framework includes object-oriented mapper , view system , template system and so on. A SQL injection vulnerability exists in Django versions 1.11 before 1.11.28, 2.2 before 2.2.10, an...
ALPINE-CVE-2020-7471
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter. By passing a suitably crafted delimiter...
[SECURITY] [DSA 4598-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4598-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 07, 2020 https://www.debian.org/security/faq -...
CVE-2011-4952
cobbler: Web interface lacks CSRF protection when using Django framework...
Cross site request forgery (csrf)
cobbler: Web interface lacks CSRF protection when using Django framework...
CVE-2011-4952
cobbler: Web interface lacks CSRF protection when using Django framework...
CVE-2011-4952
CVE-2011-4952 affects Cobbler: the web interface (when used with Django) lacks CSRF protection, enabling cross-site request forgery. This is documented across multiple sources (SUSE security page, GHSA, OSV, CNVD, and NVD references) and aligns with advisories noting the Django-based web interfac...
CVE-2011-4952
cobbler: Web interface lacks CSRF protection when using Django framework...
Aura-Botnet - A Super Portable Botnet Framework With A Django-based C2 Server
Aura Botnet C2 Server The botnet's C2 server utilizes the Django framework as the backend. It is far from the most efficient web server, but this is offset by the following: Django is extremely portable and therefore good for testing/educational purposes. The server and database are contained...
Django SQL Injection Vulnerability
Django is the Django Foundation's set of open source Web application framework based on the Python language . The framework includes object-oriented mapper , view system , template system and so on. Django has a SQL injection vulnerability that can be exploited by an attacker to execute SQL...
Django input validation error vulnerability (CNVD-2019-35881)
Django is the Django Foundation's set of open source Web application framework based on the Python language . The framework includes object-oriented mapper , view system , template system and so on. Django suffers from an input validation error vulnerability. An attacker can exploit this...
The vulnerability of the `django.http.HttpRequest.scheme` component in the Django library for the Python programming language allows attackers to access protected information.
The vulnerability of the django.http.HttpRequest.scheme component in the Django library for the Python programming language is related to errors in handling HTTP requests when these are identified as HTTPS requests. Exploiting this vulnerability can allow an attacker to gain access to protected...
django: Open redirect possibility in CommonMiddleware
When using the django.middleware.common.CommonMiddleware class with the APPENDSLASH setting enabled, Django projects which accept paths ending in a slash may be vulnerable to an unvalidated HTTP redirect...
DEBIAN-CVE-2019-3498
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.pagenotfound, leading to content spoofing in a 404 error page if a user fails to recognize th...
Seagate Personal Cloud SRN21C 4.3.16.0 / 4.3.18.0 - SQL Injection
------------------------------------------------------------------------ Seagate Media Server multiple SQL injection vulnerabilities ------------------------------------------------------------------------ Yorick Koster, September 2017...
Django Open Redirect Vulnerability
Django is a set of Django Software Foundation based on the Python language open source Web application framework. The framework includes object-oriented mapper , view system , template system and so on. An open redirection vulnerability exists in django.middleware.common.CommonMiddleware in Djang...
PYSEC-2018-2
django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect...
Zulip Server Cross-Site Scripting Vulnerability
Zulip Server is a set of open source group chat application written in Python based on the Django framework . A cross-site scripting vulnerability exists in versions of Zulip Server prior to 1.7.2. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
CVE-2018-7537
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars and words methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a...