Andreas Hug discovered an open redirect in Django, a Python web development framework, which is exploitable if django.middleware.common.CommonMiddleware is used and the APPEND_SLASH setting is enabled.

python-django: High-level Python web development framework. Django could be used as an open redirect.

If the django.middleware.common.CommonMiddleware and the APPEND_SLASH setting are both enabled, and if the project has a URL pattern that accepts any path ending in a slash, then a request to a maliciously crafted URL of that site could lead to a redirect to another site, enabling phishing and other attacks. Fixed in version: Django 1.11.15 and Django 2.0.8

Several issues were discovered in the Tomcat servlet and JSP engine. They could lead to unauthorized access to protected resources, denial-of-service, or information leak.

tomcat8: Servlet and JSP engine - tomcat7: Servlet and JSP engine. Several security issues were fixed in Tomcat.

The default settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue. An improper handling of ove ...

postgresql-10: object-relational SQL database - postgresql-9.5: Object-relational SQL database - postgresql-9.3: Object-relational SQL database. Several security issues were fixed in PostgreSQL.


© SecPod Technologies