29 matches found
Debian DLA-272-1 : python-django security update
Several vulnerabilities were discovered in Django, a high-level Python web development framework: CVE-2015-2317 Daniel Chatfield discovered that python-django, a high-level Python web development framework, incorrectly handled user-supplied redirect URLs. A remote attacker could use this flaw to...
Debian DSA-3305-1 : python-django - security update
Several vulnerabilities were discovered in Django, a high-level Python web development framework: - CVE-2015-5143 Eric Peterson and Lin Hua Cheng discovered that a new empty record used to be created in the session storage every time a session was accessed and an unknown session key was provided...
[SECURITY] [DSA 3204-1] python-django security update
Debian Security Advisory DSA-3204-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 24, 2015 http://www.debian.org/security/faq -...
BEdita CMS 3.5.1 Cross Site Scripting
Affected software: BEdita CMS Type of vulnerability: cross site scripting URL: bedita.com Discovered by: Provensec Website: http://www.provensec.com Description: BEdita is a web development framework that comes with a full featured CMS out of the box. Proof of concept javascript executes on login...
Debian DSA-2755-1 : python-django - directory traversal
Rainer Koirikivi discovered a directory traversal vulnerability with 'ssi' template tags in python-django, a high-level Python web development framework. It was shown that the handling of the 'ALLOWED_INCLUDE_ROOTS' setting, used to represent allowed prefixes for the {% ssi %} template tag, is...
[SECURITY] [DSA 2163-1] python-django security update
Debian Security Advisory DSA-2163-1 [email protected] http://www.debian.org/security/ Nico Golde February 14, 2011 http://www.debian.org/security/faq -...
Debian DSA-2163-1 : python-django - multiple vulnerabilities
Several vulnerabilities were discovered in the Django web development framework: - CVE-2011-0696 For several reasons the internal CSRF protection was not used to validate AJAX requests in the past. However, it was discovered that this exception can be exploited with a combination of browser...
Phpcms 2008 two SQL injection vulnerabilities - vulnerability warning - the black bar safety net
Phpcms is a leading web content management system, and is also an open-source PHP development framework. SQL injection a. In the file api/space.api.php: $arrcontent = $content->listinfo("userid='$userid'", $order, 1, 10); //line 7 Listinfo function in the file include/admin/content.class.php:...
[ECHO_ADV_27$2006] AngelineCMS 0.8.1 Installpath Remote File Inclusion
ECHO_ADV_27$2006 AngelineCMS 0.8.1 Installpath Remote File Inclusion Author :...