oval:org.secpod.oval:def:2102504
Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.

oval:org.secpod.oval:def:111613
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle.

oval:org.secpod.oval:def:1800798
CVE-2016-9013: User with hardcoded password created when running tests on Oracle. When running tests with an Oracle database, Django creates a temporary database user. In older versions, if a password isn't manually specified in the database settings TEST dictionary, a hardcoded password is used. Thi ...

oval:org.secpod.oval:def:51660
python-django: High-level Python web development framework. Several security issues were fixed in Django.

oval:org.secpod.oval:def:602859
Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-9013 Marti Raudsepp reported that a user with a hardcoded password is created when running tests with an Orac ...

oval:org.secpod.oval:def:703337
python-django: High-level Python web development framework. Several security issues were fixed in Django.

oval:org.secpod.oval:def:1800506
CVE-2016-9013: User with hardcoded password created when running tests on Oracle. When running tests with an Oracle database, Django creates a temporary database user. In older versions, if a password isn't manually specified in the database settings TEST dictionary, a hardcoded password is used. Th ...