Symantec Data Center Security Server SQLi (SYM15-001)
The Symantec Data Center Security Server running on the remote host is affected by a SQL injection vulnerability in the '/sis-ui/authenticate' script on the web console interface. A remote attacker, using a crafted HTTP request, can exploit this to execute SQL queries, allowing the...
Ubuntu 10.04 LTS / 12.04 LTS : python-django regression (USN-2469-2)
USN-2469-1 fixed vulnerabilities in Django. The security fix for CVE-2015-0221 introduced a regression on Ubuntu 10.04 LTS and Ubuntu 12.04 LTS when serving static content through GZipMiddleware. This update fixes the problem. We apologize for the inconvenience. Jedediah Smith discovered that...
WordPress Photo Gallery Blind SQL injection Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescription...
MGASA-2015-0026 Updated python-django and python-django14 packages fix security vulnerabilities
Jedediah Smith discovered that Django incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers in certain environments (CVE-2015-0219). Mikko Ohtamaa discovered that Django incorrectly handled user-supplied redirect URLs. A remote attacker...
CVE-2015-0222
ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allows remote attackers to cause a denial of service by submitting duplicate values, which triggers a large number of SQL queries...
PYSEC-2015-7
ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allows remote attackers to cause a denial of service by submitting duplicate values, which triggers a large number of SQL queries...
Ubuntu 14.04 LTS : Django vulnerabilities (USN-2469-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2469-1 advisory. Jedediah Smith discovered that Django incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers i...
USN-2469-1: Django vulnerabilities
Jedediah Smith discovered that Django incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers in certain environments (CVE-2015-0219). Mikko Ohtamaa discovered that Django incorrectly handled user-supplied redirect URLs. A remote attacker...
UBUNTU-CVE-2015-0222
ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allows remote attackers to cause a denial of service by submitting duplicate values, which triggers a large number of SQL queries...
MyBB 1.8.X - Multiple Vulnerabilities
The latest MyBB forum software suffers from multiple vulnerabilities, including SQL Injection and Cross Site Scripting. Such bugs may allow an attacker to perform remote SQL queries against the database, and so on. Title: MyBB 1.8.X - Multiple Vulnerabilities Date: 13.11.2014 Tested on: Linux / Apache 2.2...
Enterprise Manager Install fails with Patched Database Error
Purpose: If the Veeam Backup Enterprise Manager software is moved or needs to be reinstalled, and it was previously patched, it errors out with the following error: Cause: The SQL database that is being reused contains table entries that mark it as having been used with a newer version the version o...
WordPress Multi View Event Calendar SQL Injection Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescription...
Drupal 7.31 CORE pre Auth SQL Injection Vulnerability
Exploit for php platform in category web applications. Advisory: Drupal - pre-auth SQL Injection Vulnerability Release Date: 2014/10/15 Last Modified: 2014/10/15 Author: Stefan Horst Application: Drupal >= 7.0 <= 7.31 Severity: Full SQL injection, which results in total control and code execution of...
TeamPass < 2.1.20 Multiple Vulnerabilities
TeamPass is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:teampass:teampass"; ifdescription...
WordPress Plugin All In One WP Security 3.8.2 - SQL Injection
Advisory ID: HTB23231 Product: All In One WP Security WordPress plugin Vendor: Tips and Tricks HQ, Peter, Ruhul, Ivy Vulnerable Versions: 3.8.2 and probably prior Tested Version: 3.8.2 Advisory Publication: September 3, 2014 without technical details Vendor Notification: September 3, 2014 Vendor...
ArticleFR CMS 'id' Parameter SQL Injection Vulnerability
ArticleFR CMS is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 20 Update: phpMyAdmin-4.2.7.1-1.fc20
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...