16 matches found
EUVD-2025-15028
Malicious code in bioql PyPI...
CVE-2020-26878
Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API /service/v1/createUser endpoint, injecting arbitrary commands that will be executed as root user via web.py...
CVE-2025-3818
A vulnerability, which was classified as critical, was found in webpy web.py 0.70. Affected is the function PostgresDB.processinsertquery of the file web/db.py. The manipulation of the argument seqname leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-3818
CVE-2025-3818 affects webpy (web.py) 0.70, specifically the PostgresDB._process_insert_query in web/db.py. The vulnerability arises from manipulation of the seqname argument, enabling SQL injection that can be exploited remotely. Multiple sources corroborate, including NVD/NVD-derived data and De...
CVE-2025-3818 webpy web.py db.py PostgresDB._process_insert_query sql injection
A vulnerability, which was classified as critical, was found in webpy web.py 0.70. Affected is the function PostgresDB.processinsertquery of the file web/db.py. The manipulation of the argument seqname leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
PT-2025-17389
Name of the Vulnerable Software and Affected Versions: webpy web.py version 0.70 Description: A critical vulnerability was found in webpy web.py. The function PostgresDB. process insert query of the file web/db.py is affected. The manipulation of the argument seqname leads to SQL injection. It is...
Open Redirect
tornado is vulnerable to Open Redirect. The vulnerability exists in the validateabsolutepath function of web.py because it does not properly validate the requests paths that start with double slashes"\", which allows an attacker to redirect users to malicious websites by providing a maliciously...
Improper Authentication
calibreweb is vulnerable to Improper Authentication. The vulnerability exists in the login function of web.py file, which allows a remote attacker to takeover the account by bruteforcing due to improper restriction of excessive authentication attempts...
CVE-2020-26878
Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API /service/v1/createUser endpoint, injecting arbitrary commands that will be executed as root user via web.py...
Command injection
Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API /service/v1/createUser endpoint, injecting arbitrary commands that will be executed as root user via web.py...
CVE-2020-26878
CVE-2020-26878 affects Ruckus IoT Controller (Ruckus vRIoT) up to version 1.5.1.0.21. An authenticated user can submit a crafted request to the API at /service/v1/createUser, injecting commands that are executed with root privileges via web.py. Public sources document this as a remote command-inj...
CVE-2020-26878
Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API /service/v1/createUser endpoint, injecting arbitrary commands that will be executed as root user via web.py...
OnionShare File Overwrite and Information Disclosure Vulnerability
OnionShare is an open source file encryption transfer or sharing software developed by Brazilian software developer Micah Lee. A file overwrite and information disclosure vulnerability exists in the 'debugmode' function of the web/web.py file in OnionShare 1.3.1 and earlier versions, which can be...
Design/Logic Flaw
The debugmode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshareserver.log pathname for logging, which might allow local users to overwrite files or obtain sensitive information by using this pathname...
CVE-2018-19960
The debugmode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshareserver.log pathname for logging, which might allow local users to overwrite files or obtain sensitive information by using this pathname...
CVE-2018-19960
The debugmode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshareserver.log pathname for logging, which might allow local users to overwrite files or obtain sensitive information by using this pathname...