1085 matches found
python-django: Open redirect and possible XSS attack via user-supplied numeric redirect URLs
A redirect flaw, where the is_safe_url() function did not correctly sanitize numeric-URL user input, was found in python-django. A remote attacker could exploit this flaw to perform XSS attacks against the OpenStack dashboard...
The vulnerability of the hw/virtio/virtio-crypto.c component of the QEMU hardware emulation driver allows an attacker to trigger a service failure or execute arbitrary code.
The vulnerability of the hw/virtio/virtio-crypto.c component of the QEMU hardware emulation software is caused by a numerical overflow. Exploiting this vulnerability can allow an attacker acting locally to cause a service failure (abrupt process termination) or execute arbitrary code using a...
The vulnerability of the soundtrigger/ISoundTriggerHwService.cpp component in the Android operating system, which allows a hacker to trigger a service failure.
The vulnerability of the soundtrigger/ISoundTriggerHwService.cpp component in the Android operating system is caused by a numerical overflow. Exploiting this vulnerability could allow an attacker to trigger a service failure using undefined vectors...
Moderate: Red Hat Security Advisory: python-django security update
An update for python-django is now available for Red Hat OpenStack Platform 9.0 (Mitaka). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
The numeric tech support scam campaign
There are many different tech support scam (TSS) campaigns active at any given moment; the majority of them are fueled by malicious adverts (the browser lockers) or bundled software (the screen lockers). Something interesting happened recently, where legitimate - but hacked - websites would redirect t...
Disk Pulse 9.7.26 - 'Add Directory' Local Buffer Overflow
#!/usr/bin/python # Exploit Title: Disk Pulse v9.7.26 - Add Directory Local Buffer Overflow # Date: 12-06-2017 # Exploit Author: abatchy17 -- @abatchy17 # Vulnerable Software: Disk Pulse v9.7.26 Freeware, Pro, Ultimate # Vendor Homepage: http://www.diskpulse.com/ # Version: 9.7.14 # Software Link:...
The vulnerability of Qualcomm’s TrustZone microprogramming software technology, which allows attackers to circumvent existing access control policies.
The vulnerability of Qualcomm’s TrustZone microprogramming software lies in a numerical overflow condition that causes an operation to escape outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to bypass existing access control policies...
The vulnerability of Qualcomm’s TrustZone microprogramming software technology allows an intruder to trigger a service failure or exert other effects on the system.
The vulnerability of Qualcomm’s TrustZone microprogramming software’s Android Secure Execution Environment from the CAF repository is due to a numerical overflow. Exploiting this vulnerability could allow an attacker to cause a system failure or otherwise affect the system...
The vulnerability of Qualcomm’s TrustZone microprogramming software technology allows an intruder to trigger a service failure or exert other effects on the system.
The vulnerability of the TrustZone technology, a part of the DRM subsystem of Qualcomm’s Secure Execution Environment for Android, as provided in the CAF repository, is due to a numerical overflow condition. Exploiting this vulnerability could allow an attacker to cause a system failure or exert...
The vulnerability of Novell GroupWise software for collaborative work allows a perpetrator to execute arbitrary code.
The vulnerability of Novell GroupWise software for collaborative work is due to a numerical overflow condition. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary code using the long user name or password...
Privilege Escalation
github.com/opencontainers/runc is vulnerable to privilege escalation attacks. These attacks are possible because github.com/opencontainers/runc treats a numeric UID as a potential username. This allows local users to gain privileges through a numeric username in the password file. This transitivel...
The vulnerabilities of programs for viewing and editing PDF files such as Adobe Reader, Adobe Acrobat, Adobe Acrobat Document Cloud, and Adobe Reader Document Cloud allow attackers to execute arbitrary code.
The vulnerability of CCITT programs for viewing and editing PDF files, such as Adobe Reader, Adobe Acrobat, Adobe Acrobat Document Cloud, and Adobe Reader Document Cloud, is due to a numerical overflow condition. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
CVE-2017-5063
A numeric overflow in Skia in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page...
Updated python-django packages fix security vulnerability
It was discovered that Django incorrectly handled numeric redirect URLs. A remote attacker could possibly use this issue to perform XSS attacks, and to use a Django server as an open redirect. (CVE-2017-7233) Phithon Gong discovered that Django incorrectly handled certain URLs when the...
Open Redirect And Cross-site Scripting (XSS)
django is vulnerable to open redirect and cross-site scripting (XSS) attacks. The library's security check for redirects considers certain numeric URLs as safe, allowing a malicious user to cause an open redirect or cross-site scripting attack via URL linking...
USN-3254-1 python-django vulnerabilities
It was discovered that Django incorrectly handled numeric redirect URLs. A remote attacker could possibly use this issue to perform XSS attacks, and to use a Django server as an open redirect. (CVE-2017-7233) Phithon Gong discovered that Django incorrectly handled certain URLs when the...