Lucene search
K

178 matches found

UbuntuCve
UbuntuCve
added 2018/02/06 12:0 a.m.17 views

CVE-2016-3957

The secureload function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to deserialize session information stored in cookies, which might allow remote attackers to execute arbitrary code by leveraging knowledge of encryptionkey...

9.8CVSS7.2AI score0.0499EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2018/02/06 12:0 a.m.19 views

CVE-2016-3954

web2py before 2.14.2 allows remote attackers to obtain the sessioncookiekey value via a direct request to examples/simpleexamples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957...

5.5CVSS7.2AI score0.01411EPSS
Exploits1References3
OSV
OSV
added 2018/02/06 12:0 a.m.10 views

UBUNTU-CVE-2016-3954

web2py before 2.14.2 allows remote attackers to obtain the sessioncookiekey value via a direct request to examples/simpleexamples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957...

5.5CVSS7.2AI score0.0499EPSS
Exploits2References4
OSV
OSV
added 2018/02/06 12:0 a.m.9 views

UBUNTU-CVE-2016-3952

web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to examples/templateexamples/beautify. NOTE: this issue can be leveraged by remote attackers to gain administrative access...

7.8CVSS6.8AI score0.0499EPSS
Exploits2References5
OSV
OSV
added 2018/02/06 12:0 a.m.4 views

UBUNTU-CVE-2016-3953

The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function...

9.8CVSS7.2AI score0.0499EPSS
Exploits2References5
UbuntuCve
UbuntuCve
added 2018/02/06 12:0 a.m.21 views

CVE-2016-3953

The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function...

9.8CVSS7.5AI score0.03376EPSS
Exploits1References4
CNVD
CNVD
added 2017/10/26 12:0 a.m.3 views

Web2py gluon/tools.py file open redirect vulnerability

web2py is a set of open source Web framework written in Python , it supports the rapid development of database-driven Web-based applications . An open redirect vulnerability exists in the gluon/tools.py file in web2py version 2.9.11. A remote attacker can exploit this vulnerability by sending the...

6.1CVSS6.2AI score0.01009EPSS
Exploits0References1
NVD
NVD
added 2017/10/18 8:29 p.m.14 views

CVE-2015-6961

Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to user/logout...

6.1CVSS6.2AI score0.01009EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2017/10/18 8:29 p.m.23 views

CVE-2015-6961

Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to user/logout...

6.1CVSS6.5AI score0.01009EPSS
Exploits0References3
Prion
Prion
added 2017/10/18 8:29 p.m.16 views

Open redirect

Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to user/logout...

5.8CVSS7.1AI score0.01009EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2017/10/18 8:29 p.m.3 views

UBUNTU-CVE-2015-6961

Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to user/logout...

6.1CVSS6.5AI score0.01009EPSS
Exploits0References4
Cvelist
Cvelist
added 2017/10/18 8:0 p.m.16 views

CVE-2015-6961

Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to user/logout...

6.2AI score0.01009EPSS
Exploits0References2
CVE
CVE
added 2017/10/18 8:0 p.m.52 views

CVE-2015-6961

CVE-2015-6961 is an open redirect vulnerability affecting Web2py 2.9.11 in the gluon/tools.py file. The issue allows a remote attacker to craft a URL with the _next parameter (to user/logout) that redirects victims to an arbitrary site, enabling phishing-style redirects. Public references confirm...

6.1CVSS6.2AI score0.01009EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2017/04/13 12:0 a.m.4 views

web2py security bypass vulnerability

web2py is a set of open source Web framework written in Python , it supports the rapid development of database-driven Web-based applications . A security bypass vulnerability exists in web2py versions prior to 2.14.6. A remote attacker can exploit this vulnerability to conduct a brute force attac...

9.8CVSS9.2AI score0.02587EPSS
Exploits0References1
NVD
NVD
added 2017/04/10 2:59 p.m.17 views

CVE-2016-10321

web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks...

9.8CVSS9.4AI score0.02587EPSS
Exploits0References3
Prion
Prion
added 2017/04/10 2:59 p.m.13 views

Design/Logic Flaw

web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks...

5CVSS7AI score0.02587EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2017/04/10 2:59 p.m.12 views

CVE-2016-10321

web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks...

9.8CVSS6.8AI score
Exploits0References3
CVE
CVE
added 2017/04/10 2:0 p.m.77 views

CVE-2016-10321

CVE-2016-10321 affects web2py up to version 2.14.6, where the system does not properly check if a host is denied before verifying passwords, enabling remote brute-force attempts. The vulnerability is documented across multiple sources (e.g., GHSA-GV85-WGXC-VC56, USN-4030-1, OSV, and NVD entry). I...

9.8CVSS9.3AI score0.02587EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2017/04/10 2:0 p.m.21 views

CVE-2016-10321

web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks...

9.4AI score0.02587EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2017/04/10 12:0 a.m.22 views

CVE-2016-10321

web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks...

9.8CVSS7.2AI score0.02587EPSS
Exploits0References3
Rows per page
Query Builder