25 matches found
EUVD-2012-0004
Malware in sbrugna...
EUVD-2015-4408
Malware in sbrugna...
Django Image Field Vulnerable to Image Decompression Bombs
The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file...
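The mechanism behind this entry is a decompression bomb: a tiny file whose header declares enormous pixel dimensions, so a validator that fully decodes it allocates the whole raw pixel buffer. The cure is to read the declared dimensions from the header and refuse the file before any decode happens. The following Python is an added illustration of that header-first check for PNG, written for this page; it is not Django's code or Pillow's. The policy limit `MAX_DECODED_BYTES`, the helpers `make_png` and `_chunk`, and both sample files are constructed here for the demonstration; the "bomb" carries only a token IDAT chunk because the check never reads past IHDR.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

# Channels per pixel for each PNG colour type (0 grey, 2 RGB, 3 palette,
# 4 grey+alpha, 6 RGBA). Multiplied by bit depth to get bits per pixel.
_CHANNELS = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}

# Hypothetical site policy: the largest raw pixel buffer we will ever decode.
MAX_DECODED_BYTES = 32 * 1024 * 1024


def png_decoded_size(data: bytes) -> int:
    """Bytes a decoder would allocate for this PNG's raw scanlines.

    Only the signature and the IHDR chunk are inspected, so a file that
    compresses gigabytes of pixels into a few kilobytes is sized, and can be
    rejected, without inflating a single byte of IDAT. Raises ValueError for
    anything that is not a well-formed PNG header.
    """
    if len(data) < 33 or data[:8] != PNG_SIGNATURE:
        raise ValueError("not a PNG file")
    length, ctype = struct.unpack(">I4s", data[8:16])
    if ctype != b"IHDR" or length != 13:
        raise ValueError("first chunk is not a 13-byte IHDR")
    ihdr = data[16:29]
    (crc,) = struct.unpack(">I", data[29:33])
    if zlib.crc32(b"IHDR" + ihdr) != crc:
        raise ValueError("IHDR CRC mismatch")
    width, height, bit_depth, colour_type = struct.unpack(">IIBB", ihdr[:10])
    if width == 0 or height == 0 or colour_type not in _CHANNELS:
        raise ValueError("invalid IHDR")
    bits_per_pixel = _CHANNELS[colour_type] * bit_depth
    # Each scanline is the packed pixels plus one leading filter-type byte.
    row_bytes = (width * bits_per_pixel + 7) // 8 + 1
    return row_bytes * height


def validate_upload(data: bytes, limit: int = MAX_DECODED_BYTES) -> bool:
    """True only if the declared image fits the policy; call this before
    handing the bytes to a real decoder."""
    try:
        return png_decoded_size(data) <= limit
    except ValueError:
        return False


# ---- constructed sample inputs (not real uploads) ----

def _chunk(ctype: bytes, payload: bytes) -> bytes:
    crc = zlib.crc32(ctype + payload)
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def make_png(width: int, height: int, idat: bytes) -> bytes:
    # 8-bit greyscale, no interlace.
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    return (PNG_SIGNATURE + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", idat) + _chunk(b"IEND", b""))


# A genuine 2x2 image: two scanlines, each a filter byte followed by 2 pixels.
SMALL_PNG = make_png(2, 2, zlib.compress(b"\x00\x00\xff" + b"\x00\xff\x00"))

# A bomb-shaped file: the header declares 30000x30000 (900 MB of scanlines)
# while the file is under 100 bytes. The IDAT is a token payload, not a
# faithful encoding; the header check rejects the file before reading it.
BOMB_PNG = make_png(30000, 30000, zlib.compress(b"\x00" * 64))


if __name__ == "__main__":
    for name, png in (("small", SMALL_PNG), ("bomb", BOMB_PNG)):
        print(name, len(png), "bytes on disk,",
              png_decoded_size(png), "bytes if decoded,",
              "accept" if validate_upload(png) else "reject")
```

The same idea applies to other formats by reading their own dimension fields (JPEG SOF markers, GIF logical screen descriptor). Modern Pillow performs an equivalent check itself via `Image.MAX_IMAGE_PIXELS`, raising `DecompressionBombError` above the cap, so an application-level limit like the one above is a belt-and-braces measure rather than the only line of defence.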
GHSA-7MJ4-2984-955F Withdrawn Advisory: AlchemyCMS is vulnerable to stored XSS via the /admin/pictures image field
Withdrawn Advisory This advisory has been withdrawn because it does not describe a vulnerability. The maintainer states the following: The researcher used an authorized cookie to perform the request to a password-protected route. Without that session cookie, the request would have been rejected a...
Foxit Reader ImageField Node Information Disclosure Vulnerability
Foxit Reader is a PDF document reader from Foxit Software Corporation (China). An information disclosure vulnerability exists in the ImageField node of the XFA implementation in Foxit Reader version 8.3.2.25013, caused by the program failing to load the correct resource. The vulnerability can be...
CVE-2017-16580
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
CVE-2015-4385
Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Imagefield Info module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "Administer image styles" permission to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Imagefield Info module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "Administer image styles" permission to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-4385
The CVE concerns the Drupal Imagefield Info module (7.x-1.x) prior to 7.x-1.2. The issue is an XSS vulnerability in unspecified administration pages caused by inadequate sanitization, allowing remote authenticated users with the "Administer image styles" permission to inject arbitrary scripts or HT...
Drupal Imagefield Info Module Cross-Site Scripting Vulnerability
Drupal is a free and open source content management system developed in PHP. A cross-site scripting vulnerability exists in Drupal Imagefield Info, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to obtain sensitive information...
Imagefield Info - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-088
Imagefield Info module enables you to view image field paths so you can easily use them with a WYSIWYG editor. The module doesn't sufficiently sanitize user supplied text in some administration pages, thereby exposing a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fa...
Debian Security Advisory DSA 2529-1 (python-django - several vulnerabilities)
Jeroen Dekkers and others reported several vulnerabilities in Django, a Python Web framework. The Common Vulnerabilities and Exposures project defines the following issues: CVE-2012-3442: Two functions do not validate the scheme of a redirect target, which might allow remote attackers to conduct...
Mandriva Update for python-django MDVSA-2012:143 (python-django)
Check for the Version of python-django OpenVAS Vulnerability Test Mandriva Update for python-django MDVSA-2012:143 python-django Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...
[SECURITY] [DSA 2529-1] python-django security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2529-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst August 14, 2012 http://www.debian.org/security/faq -...
Django Cross-Site Scripting and Two Denial of Service Vulnerabilities
BUGTRAQ ID: 54742 CVE ID: CVE-2012-3442, CVE-2012-3443, CVE-2012-3444 Django is an open source web application framework written in Python. Django 1.3 and 1.4 (and other versions) contain several security vulnerabilities that a malicious user can exploit to perform cross-site scripting attacks and denial of service. 1) Input passed to the redirect functionality of the login and logout views in the authentication framework is returned to the user without proper filtering when the redirect target is a "data:" scheme URL. 2) An error in the image validation in the ImageField class when decompressing images can be exploited to consume large amounts of memory...
DEBIAN-CVE-2012-3443
The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file...
CVE-2012-3443
The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file...
PYSEC-2012-3
The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file...