178 matches found
CVE-2016-3957
The secureload function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to deserialize session information stored in cookies, which might allow remote attackers to execute arbitrary code by leveraging knowledge of encryptionkey...
CVE-2016-3954
web2py before 2.14.2 allows remote attackers to obtain the sessioncookiekey value via a direct request to examples/simpleexamples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957...
UBUNTU-CVE-2016-3954
web2py before 2.14.2 allows remote attackers to obtain the sessioncookiekey value via a direct request to examples/simpleexamples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957...
UBUNTU-CVE-2016-3952
web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to examples/templateexamples/beautify. NOTE: this issue can be leveraged by remote attackers to gain administrative access...
UBUNTU-CVE-2016-3953
The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function...
CVE-2016-3953
The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function...
Web2py gluon/tools.py file open redirect vulnerability
web2py is a set of open source Web framework written in Python , it supports the rapid development of database-driven Web-based applications . An open redirect vulnerability exists in the gluon/tools.py file in web2py version 2.9.11. A remote attacker can exploit this vulnerability by sending the...
CVE-2015-6961
Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to user/logout...
CVE-2015-6961
Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to user/logout...
Open redirect
Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to user/logout...
UBUNTU-CVE-2015-6961
Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to user/logout...
CVE-2015-6961
Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to user/logout...
CVE-2015-6961
CVE-2015-6961 is an open redirect vulnerability affecting Web2py 2.9.11 in the gluon/tools.py file. The issue allows a remote attacker to craft a URL with the _next parameter (to user/logout) that redirects victims to an arbitrary site, enabling phishing-style redirects. Public references confirm...
web2py security bypass vulnerability
web2py is a set of open source Web framework written in Python , it supports the rapid development of database-driven Web-based applications . A security bypass vulnerability exists in web2py versions prior to 2.14.6. A remote attacker can exploit this vulnerability to conduct a brute force attac...
CVE-2016-10321
web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks...
Design/Logic Flaw
web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks...
CVE-2016-10321
web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks...
CVE-2016-10321
CVE-2016-10321 affects web2py up to version 2.14.6, where the system does not properly check if a host is denied before verifying passwords, enabling remote brute-force attempts. The vulnerability is documented across multiple sources (e.g., GHSA-GV85-WGXC-VC56, USN-4030-1, OSV, and NVD entry). I...
CVE-2016-10321
web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks...
CVE-2016-10321
web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks...