CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

SUSE CVE•added 2023/02/15 5:50 a.m.•2 views

SUSE CVE-2011-4137

The verifyexists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service resource consumption via a URL associated with...

5CVSS8.5AI score0.0188EPSS

Exploits0References3

Github Security Blog•added 2022/05/14 3:49 a.m.•23 views

Django Might Allow CSRF Requests via URL Verification

The verifyexists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 originally tests a URL's validity through a HEAD request, but then uses a GET request for the new target URL in the case of a redirect, which might allow remote attackers to trigger arbitra...

5CVSS6.8AI score0.00635EPSS

Exploits0References12Affected Software1

Prion•added 2011/10/19 10:55 a.m.•21 views

Design/Logic Flaw

5CVSS7AI score0.0188EPSS

Exploits0References9Affected Software1

OSV•added 2011/10/19 10:55 a.m.•28 views

PYSEC-2011-2

5CVSS5.7AI score0.0188EPSS

Exploits0References10

PyPA•added 2011/10/19 10:55 a.m.•4 views

PYSEC-2011-2

6.4CVSS7AI score0.0188EPSS

Exploits0References10Affected Software1

UbuntuCve•added 2011/10/19 12:0 a.m.•39 views

CVE-2011-4138

5CVSS5.9AI score0.00635EPSS

Exploits0References3

seebug.org•added 2011/09/13 12:0 a.m.•24 views

Django开发框架多个安全漏洞

Bugtraq ID: 49573 Django是一款开放源代码的Web应用框架，由Python写成。 Django存在多个安全漏洞，允许攻击者获得敏感信息，操作数据，进行缓存毒药攻击或进行拒绝服务攻击。 1当使用缓存后端时django.contrib.sessions中处理会话存在错误，可被利用操作会话信息。要成功个利用漏洞需要已知会话KEY和应用程序允许攻击者使用合法会话KEY储存字典类对象到缓冲中。 2Django模型系统包括一个字段类型-- URLField...

6.9AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by