2357 matches found

BDU FSTEC
added 2015/09/15 12:0 a.m. · 4 views

The vulnerability of the Django web application framework, which allows a hacker to trigger a denial-of-service attack

The vulnerability of the contrib.sessions.middleware.SessionMiddleware component in the Django web framework is related to a resource management error. Exploiting this vulnerability allows an attacker to cause service failures by sending a large number of requests to contrib.auth.views.logout,...

5 CVSS · 6.4 AI score · 0.07079 EPSS
Exploits 0 · References 4 · Affected Software 2

RedHat Linux
added 2015/09/10 12:5 p.m. · 4 views

python-django: Denial-of-service possibility in logout() view by filling session store

It was found that certain Django functions would, in certain circumstances, create empty sessions. A remote attacker could use this flaw to fill up the session store or cause other users' session records to be evicted by requesting a large number of new sessions...

5 CVSS · 7.1 AI score · 0.04693 EPSS
Exploits 0 · References 4

RedHat Linux
added 2015/09/10 12:5 p.m. · 1 view

python-django: Denial-of-service possibility in logout() view by filling session store

It was found that Django incorrectly handled the session store. A session could be created by anonymously accessing the django.contrib.auth.views.logout view if it was not decorated correctly with django.contrib.auth.decorators.login_required. A remote attacker could use this flaw to fill up the...

5 CVSS · 7.1 AI score · 0.07079 EPSS
Exploits 0 · References 4

RedHat Linux
added 2015/09/10 11:44 a.m. · 2 views

python-django: Denial-of-service possibility in logout() view by filling session store

It was found that certain Django functions would, in certain circumstances, create empty sessions. A remote attacker could use this flaw to fill up the session store or cause other users' session records to be evicted by requesting a large number of new sessions...

5 CVSS · 7.1 AI score · 0.04693 EPSS
Exploits 0 · References 4

RedHat Linux
added 2015/09/10 11:44 a.m. · 1 view

python-django: Denial-of-service possibility in logout() view by filling session store

It was found that Django incorrectly handled the session store. A session could be created by anonymously accessing the django.contrib.auth.views.logout view if it was not decorated correctly with django.contrib.auth.decorators.login_required. A remote attacker could use this flaw to fill up the...

5 CVSS · 7.1 AI score · 0.07079 EPSS
Exploits 0 · References 4

0day.today
added 2015/09/07 12:0 a.m. · 45 views

HooToo Tripmate HT-TM01 2.000.022 - CSRF Vulnerabilities

Exploit for php platform in category web applications Exploit Title: HooToo Tripmate HT-TM01 Cross Site Request Forgery Date: 03Sep15 Exploit Author: Ken Smith Contact: https://twitter.com/P4tchw0rk Vendor Homepage: http://www.hootoo.com Version: HT-TM01, version 2.000.022 1. Description Various...

7.1 AI score
Exploits 0

Exploit DB
added 2015/09/04 12:0 a.m. · 53 views

HooToo Tripmate HT-TM01 2.000.022 - Cross-Site Request Forgery

Exploit Title: HooToo Tripmate HT-TM01 Cross Site Request Forgery Date: 03Sep15 Exploit Author: Ken Smith Contact: https://twitter.com/P4tchw0rk Vendor Homepage: http://www.hootoo.com Version: HT-TM01, version 2.000.022 1. Description Various functions in the device's admin web portal are...

7.4 AI score
Exploits 0

exploitpack
added 2015/09/04 12:0 a.m. · 25 views

HooToo Tripmate HT-TM01 2.000.022 - Cross-Site Request Forgery

HooToo Tripmate HT-TM01 2.000.022 - Cross-Site Request Forgery Exploit Title: HooToo Tripmate HT-TM01 Cross Site Request Forgery Date: 03Sep15 Exploit Author: Ken Smith Contact: https://twitter.com/P4tchw0rk Vendor Homepage: http://www.hootoo.com Version: HT-TM01, version 2.000.022 1. Description...

0.9 AI score
Exploits 0

Tenable Nessus
added 2015/08/27 12:0 a.m. · 32 views

Debian DLA-301-1 : python-django security update

denial of service possibility in logout view by filling session store Previously, a session could be created when anonymously accessing the django.contrib.auth.views.logout view provided it wasn't decorated with django.contrib.auth.decorators.login_required as done in the admin. This could allow a...

5 CVSS · 6.2 AI score · 0.07079 EPSS
Exploits 0 · References 4

OSV
added 2015/08/24 2:59 p.m. · 2 views

DEBIAN-CVE-2015-5963

contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to...

5 CVSS · 7.6 AI score · 0.07079 EPSS
Exploits 0 · References 1

OSV
added 2015/08/24 2:59 p.m. · 3 views

PYSEC-2015-22

contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to...

5 CVSS · 6.8 AI score · 0.07079 EPSS
Exploits 0 · References 14

PyPA
added 2015/08/24 2:59 p.m. · 9 views

PYSEC-2015-22

contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to...

5 CVSS · 6.9 AI score · 0.07079 EPSS
Exploits 0 · References 14 · Affected Software 1

OSV
added 2015/08/18 5:0 p.m. · 1 view

UBUNTU-CVE-2015-5963

contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to...

5 CVSS · 6.7 AI score · 0.07079 EPSS
Exploits 0 · References 4

Positive Technologies
added 2015/08/18 12:0 a.m. · 4 views

PT-2015-1974 · Django Software Foundation +2 · Django +2

Name of the Vulnerable Software and Affected Versions: Django versions 1.4.x through 1.4.21 Django versions 1.7.x through 1.7.9 Django versions 1.8.x through 1.8.3 Description: The issue is related to a resource management error in the contrib.sessions.middleware.SessionMiddleware component of th...

9.8 CVSS · 6.3 AI score · 0.92834 EPSS
Exploits 30 · References 130

FreeBSD
added 2015/08/18 12:0 a.m. · 34 views

django -- multiple vulnerabilities

Tim Graham reports: Denial-of-service possibility in logout view by filling session store Previously, a session could be created when anonymously accessing the django.contrib.auth.views.logout view provided it wasn't decorated with django.contrib.auth.decorators.login_required as done in the admin...

5 CVSS · 6.4 AI score · 0.07079 EPSS
Exploits 0 · References 1

RedHat Linux
added 2015/08/12 5:4 a.m. · 5 views

rhn_satellite_6: cross-site request forgery (CSRF) can force logout

Versions of Foreman as shipped with Red Hat Satellite 6 do not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content...

6.5 CVSS · 5.8 AI score · 0.00242 EPSS
Exploits 0 · References 4

BDU FSTEC
added 2015/08/07 12:0 a.m. · 4 views

The vulnerability of the Moodle learning management system allows a perpetrator to bypass the authentication process for arbitrary users.

The vulnerability of the auth/shibboleth/logout.php component of the Moodle learning management system is related to the。 Exploiting this vulnerability could allow a malicious actor, operating remotely, to bypass authentication procedures for arbitrary users using specially crafted requests...

6.8 CVSS · 5.6 AI score · 0.00126 EPSS
Exploits 0 · References 4 · Affected Software 1

Hacker One
added 2015/07/16 10:42 a.m. · 30 views

Zendesk: Security Missconfiguration in Autologin

Here I am addressing Critical misconfiguration in autologin feature 1. Open the link in the browser https://dashboard.zopim.com/home and enter your username and password and don't tick select the option Always sign in automatically and login 2. now logout from your account 3. now you logged out...

0.5 AI score
Exploits 0

NVD
added 2015/06/01 7:59 p.m. · 20 views

CVE-2015-0218

Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout...

6.8 CVSS · 7 AI score · 0.00126 EPSS
Exploits 0 · References 3

OSV
added 2015/06/01 7:59 p.m. · 0 views

UBUNTU-CVE-2015-0218

Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout...

6.8 CVSS · 5.9 AI score · 0.00126 EPSS
Exploits 0 · References 4