24 matches found
WordPress Gita theme <= 1.11 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Gita versions <= 1.11...
WordPress Chroma theme <= 1.11 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) in WordPress Theme Chroma versions <= 1.11...
WordPress Convex theme <= 1.11 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Convex versions <= 1.11...
Linux Distros Unpatched Vulnerability : CVE-2019-12308
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the...
Linux Distros Unpatched Vulnerability : CVE-2018-1324
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and...
MiniCMS Cross-Site Request Forgery Vulnerability
MiniCMS is a mini content management system for personal websites by the individual developer Dada (bg5sbk). A cross-site request forgery vulnerability exists in MiniCMS 1.11 and earlier versions, which stems from unspecified processing in the file post-edit.php that can lead to cross-site...
PT-2024-30337 · Unknown · Merkulove Selection Lite
Name of the Vulnerable Software and Affected Versions: Merkulove Selection Lite versions 1.11 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. Recommendations:...
at.zierler.yamlvalidator:at.zierler.yamlvalidator.gradle.plugin (>=1.0.0 <=1.2.1), co.infinum.polyglot-android-client:polyglot-gradle-plugin (>=1.3.0 <=1.4.0) +151 more potentially affected by CVE-2023-24620 via com.esotericsoftware.yamlbeans:yamlbeans (>=1.11 <=1.15)
com.esotericsoftware.yamlbeans:yamlbeans MAVEN version =1.11, =1.0.0, =1.3.0, =1.3.0, =1.0.0, =0.3.0, =0.3.0, =0.3.0, =1.0, =1.0.0, =1.0.3 and more Source cves: CVE-2023-24620 Source advisory: OSV:GHSA-VJ49-J7RC-H54F...
Chamilo LMS Cross-Site Request Forgery Vulnerability
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, remote training, and online question and answer sessions. A cross-site request forgery vulnerability exists in Chamilo LMS versions v.1.1...
PT-2023-25779 · Chamilo · Chamilo
Name of the Vulnerable Software and Affected Versions: Chamilo versions 1.11.x up to 1.11.20. Description: The issue allows users with admin privilege accounts to insert XSS in the skills wheel. This can be exploited by users with administrative privileges. Recommendations: For Chamilo versions...
PT-2023-25078 · Chamilo · Chamilo
Name of the Vulnerable Software and Affected Versions: Chamilo versions 1.11.x through 1.11.18. Description: The issue is related to incorrect access control, allowing a student to access and modify another student's personal notes. Recommendations: For Chamilo versions 1.11.x through 1.11.18,...
SUSE CVE-2012-0804
Heap-based buffer overflow in the proxyconnect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response...
admindjango-ckeditor-blog (=0.1.0), aiida-core (=1.0.0) +53 more potentially affected by CVE-2020-9402 via django (>=1.11.0 <=1.11.28)
django PYPI version =1.11.0, =0.2.0.dev20181221, =0.28.0, =3.1.4, =2.19.0, =0.0.19, =4.4.1, =1.0.0, =0.6.0, =0.7.2 and more Source cves: CVE-2020-9402 Source advisory: OSV:GHSA-3GH2-XW74-JMCW...
GHSA-HMR4-M2H5-33QX SQL injection in Django
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter...
ALPINE-CVE-2020-7471
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter...
PYSEC-2020-35
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter...
Django -- potential SQL injection vulnerability
MITRE CVE reports: Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitabl...
UBUNTU-CVE-2019-14233
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.striptags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities...
admindjango-ckeditor-blog (=0.1.0), aileen (>=0.2.0.dev20181221 <=0.2.1) +41 more potentially affected by CVE-2019-12308 via django (>=1.11.0 <=1.11.20)
django PYPI version =1.11.0, =0.2.0.dev20181221, =0.0.19, =4.4.1, =1.0.0, =0.6.0, =0.5.0, =0.1.0, =1.0.0, =1.0.1 - django-defender =0.5.0 and more Source cves: CVE-2019-12308 Source advisory: OSV:PYSEC-2019-79...
Django Open Redirect Vulnerability
Django is an open source web application framework based on the Python language, developed by the Django Software Foundation. The framework includes an object-relational mapper, a view system, a template system and so on. An open redirection vulnerability exists in django.middleware.common.CommonMiddleware in Djang...