8091 matches found
CVE-2009-3695
Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a regular...
CVE-2009-3695
This CVE covers the Django forms library vulnerability where the regex used to validate EmailField and URLField can backtrack excessively, causing high CPU and potential denial of service. Affected versions are Django 1.0 before 1.0.4 and 1.1 before 1.1.1. The issue stems from algorithmic complex...
DSA-1905-1 python-django - denial of service
Bulletin has no description...
django -- denial-of-service attack
Django project reports: Django's forms library includes field types which perform regular-expression-based validation of email addresses and URLs. Certain addresses/URLs could trigger a pathological performance case in these regular expressions, resulting in the server process/thread becoming...
XSS and Content Spoofing vulnerabilities in CKEditor
Hello 3APA3A! I want to warn you about Cross-Site Scripting and Content Spoofing vulnerabilities in CKEditor. XSS: This is Persistent XSS vulnerability. Attack is conducting via placing link with setting the style. a href="http://test"...
Phishing Tool
Added: 09/23/2009 Background This tool serves an HTML form which collects information from users. It allows you to either replicate a real web page, or specify a custom header graphic, a custom footer graphic, and an introductory text message. For best results, design the HTML form to look like a...
tomcat6 Information disclosure in authentication classes
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1)...
CVE-2008-7235
Unspecified vulnerability in the Oracle Forms component in Oracle Application Server 10.1.2.2 and E-Business Suite 12.0.3 allows remote attackers to affect integrity via unknown vectors, aka AS04...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Forms component in Oracle Application Server 10.1.2.2 and E-Business Suite 12.0.3 allows remote attackers to affect integrity via unknown vectors, aka AS04...
CVE-2008-7235
Unspecified vulnerability in the Oracle Forms component in Oracle Application Server 10.1.2.2 and E-Business Suite 12.0.3 allows remote attackers to affect integrity via unknown vectors, aka AS04...
CVE-2008-7235
CVE-2008-7235 affects Oracle Forms in Oracle Application Server 10.1.2.2 and E-Business Suite 12.0.3. The vulnerability is described as unspecified, with remote attackers able to affect integrity via unknown vectors (aka AS04). The connected records confirm the affected stack but do not provide c...
Cross site scripting
Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2006, 2006 Supportability Update, and 2006 SP1; allows remote...
CVE-2009-0237
Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2006, 2006 Supportability Update, and 2006 SP1; allows remote...
Oracle Forms Cross site Scripting in (iFcgi60.exe / f60servlet)
Oracle Forms Cross site Scripting in iFcgi60.exe / f60servlet About: Oracle Forms is a tool somewhat like Visual Basic in appearance, but the code inside is PL/SQL which allows a developer to quickly create user-interface applications which access an Oracle database in a very efficient and...
Oracle Forms Cross Site Scripting
Oracle Forms Cross site Scripting in iFcgi60.exe / f60servlet About: Oracle Forms is a tool somewhat like Visual Basic in appearance, but the code inside is PL/SQL which allows a developer to quickly create user-interface applications which access an Oracle database in a very efficient and...
Prozilla Software Directory - Cross-Site Scripting SQL Injection
Mozilla Firefox Multiple Vulnerabilities (Jul 2008) - Linux
Mozilla Firefox is prone to multiple vulnerabilities.
Mozilla Seamonkey Multiple Vulnerabilities (Jul 2008) - Linux
Mozilla Seamonkey is prone to multiple vulnerabilities.
Mozilla Firefox Multiple Vulnerability July-08 (Windows)
The host is installed with Mozilla Firefox browser, that is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbfirefoxmultvulnjuly08win.nasl 6519 2017-07-04 14:08:14Z cfischer $ Mozilla Firefox Multiple Vulnerability July-08 Windows Authors: Chandan S Copyright: Copyright c 2008...
Mozilla Seamonkey Multiple Vulnerability July-08 (Windows)
The host is installed with Mozilla Seamonkey, that is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbseamonkeymultvulnjuly08win.nasl 6519 2017-07-04 14:08:14Z cfischer $ Mozilla Seamonkey Multiple Vulnerability July-08 Windows Authors: Chandan S Copyright: Copyright c 2008...