Lucene search
K
Django ProjectDjango

6 matches found

CVE
CVE
added 2009/08/04 4:13 p.m.89 views

CVE-2009-2659

CVE-2009-2659 affects the Django Admin media handler in core/servers/basehttp.py for Django 1.0 and 0.96. The vulnerability arises from improper mapping of URL requests to static media files, enabling directory traversal and reading arbitrary files via a crafted URL. Descriptions in connected rec...

5CVSS6.4AI score0.02265EPSS
CVE
CVE
added 2007/10/30 7:0 p.m.79 views

CVE-2007-5712

The CVE-2007-5712 issue affects Django’s i18n framework (versions 0.91, 0.95, 0.95.1, 0.96) and is also observed when used in PyLucid. The vulnerability allows remote attackers to induce memory consumption (DoS) by sending many HTTP requests with large Accept-Language headers. Public docs record ...

2.6CVSS6.2AI score0.01799EPSS
CVE
CVE
added 2008/05/23 3:0 p.m.73 views

CVE-2008-2302

The CVE-2008-2302 issue is a cross-site scripting (XSS) vulnerability in Django’s admin login form. Affected products/versions: Django 0.91 before 0.91.2, Django 0.95 before 0.95.3, and Django 0.96 before 0.96.2. The vulnerability allows remote attackers to inject arbitrary script/HTML via the UR...

4.3CVSS5.3AI score0.01312EPSS
CVE
CVE
added 2007/01/23 12:0 a.m.67 views

CVE-2007-0405

CVE-2007-0405 affects Django 0.95: the LazyUser class in AuthenticationMiddleware does not properly cache the username across requests, allowing remote authenticated users to gain the privileges of a different user. Impact and exploit details are not provided beyond this description in the suppli...

6.5CVSS6.4AI score0.01188EPSS
CVE
CVE
added 2007/01/23 12:0 a.m.62 views

CVE-2007-0404

CVE-2007-0404 affects Django 0.95. The vulnerability lies in bin/compile-messages.py, which invokes msgfmt via os.system without quoting argument strings, allowing an attacker to inject shell metacharacters via a (1) .po or (2) .mo file and execute arbitrary commands. The underlying cause is unsa...

7.5CVSS7.3AI score0.0156EPSS
CVE
CVE
added 2007/11/05 7:0 p.m.50 views

CVE-2007-5828

Cross-site request forgery (CSRF) vulnerability in Django 0.96 is exposed in the admin panel, allowing remote attackers to change passwords via a request to admin/auth/user/1/password/. The issue stems from the default configuration not enabling the CSRF protection module, though Debian notes thi...

6.8CVSS7AI score0.00749EPSS