Lucene search
+L

9 matches found

Github Security Blog
Github Security Blog
added 2022/05/01 5:44 p.m.21 views

Django Arbitrary Code Execution

bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a 1 .po or 2 .mo file...

7.5CVSS8AI score0.0156EPSS
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/05/01 12:0 a.m.15 views

Django Arbitrary Code Execution

bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a 1 .po or 2 .mo file...

7.5CVSS7.6AI score0.0156EPSS
Exploits0References7Affected Software1
CNVD
CNVD
added 2020/05/11 12:0 a.m.3 views

SQL Injection Vulnerability in Easy B2C Mall System V1.1 version po***.php

Easy B2C mall system is a mall system based on open source framework development. Easy B2C mall system V1.1 version po.php SQL injection vulnerability, attackers can use the vulnerability to obtain database sensitive information...

7.9AI score
Exploits0
Fedora
Fedora
added 2007/11/13 12:5 a.m.52 views

[SECURITY] Fedora 7 Update: kdesdk-3.5.8-2.fc7

A collection of applications and tools used by developers, including: cervisia: a CVS frontend kbabel: PO file management kbugbuster: a tool to manage the KDE bug report system kcachegrind: a browser for data produced by profiling tools e.g. cachegr ind kompare: diff tool kuiviewer: displays...

9.3CVSS2.4AI score0.0702EPSS
Exploits1
securityvulns
securityvulns
added 2007/04/16 12:0 a.m.35 views

elinks format string vulnerability

Relative path is used to search text strings .po file. It makes it possible to spoof the file and to conduct format string attack...

4.4CVSS2.1AI score0.00841EPSS
Exploits1Affected Software1
CVE
CVE
added 2007/04/13 6:0 p.m.99 views

CVE-2007-2027

CVE-2007-2027 affects Elinks 0.11.1 (ELinks) via the function add_filename_to_string in intl/gettext/loadmsgcat.c, allowing a local attacker to cause Elinks to load an untrusted gettext catalog (.po) from a ../po directory and potentially perform format-string attacks. Multiple connected sources ...

4.4CVSS5.8AI score0.00841EPSS
Exploits1References13Affected Software1
UbuntuCve
UbuntuCve
added 2007/01/23 12:28 a.m.17 views

CVE-2007-0404

bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a 1 .po or 2 .mo file...

7.5CVSS6.1AI score0.0156EPSS
Exploits0References1
NVD
NVD
added 2007/01/23 12:28 a.m.18 views

CVE-2007-0404

bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a 1 .po or 2 .mo file...

7.5CVSS7.3AI score0.0156EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2007/01/23 12:0 a.m.35 views

CVE-2007-0404

bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a 1 .po or 2 .mo file...

7.5CVSS7.2AI score0.0156EPSS
Exploits0
Rows per page
Query Builder