Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
user project user 1.4.5 vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2018-10366
An issue exists in the Users (aka Front-end user management) plugin 1.4.5 for October CMS. XSS exists in the name field.
User Project User 1.4.5
1 EDB exploit
8.8
CVSSv3
CVE-2015-8540
Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 up to and including 0.99, 1.0.x prior to 1.0.66, 1.1.x and 1.2.x prior to 1.2.56, 1.3.x and 1.4.x prior to 1.4.19, and 1.5.x prior to 1.5.26 allows remote malicious users to have unspecified impact v...
Redhat Enterprise Linux Desktop Supplementary 6.0
Redhat Enterprise Linux Server Supplementary 6.0
Redhat Enterprise Linux Hpc Node 6.0
Redhat Enterprise Linux Workstation Supplementary 6.0
Redhat Enterprise Linux Server Supplementary 5.0
Redhat Enterprise Linux Desktop Supplementary 5.0
Libpng Libpng 1.2.14
Libpng Libpng 1.2.45
Libpng Libpng 1.2.46
Libpng Libpng 1.2.33
Libpng Libpng 1.2.16
Libpng Libpng 1.2.35
Libpng Libpng 1.2.29
Libpng Libpng 1.2.26
Libpng Libpng 1.2.54
Libpng Libpng 1.2.7
Libpng Libpng 1.2.43
Libpng Libpng 1.2.2
Libpng Libpng 1.2.4
Libpng Libpng 1.2.22
Libpng Libpng 1.2.39
Libpng Libpng 1.2.48
7.4
CVSSv3
CVE-2016-2512
The utils.http.is_safe_url function in Django prior to 1.8.10 and 1.9.x prior to 1.9.3 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authenticat...
Djangoproject Django 1.9
Djangoproject Django 1.9.2
Djangoproject Django 1.9.1
Djangoproject Django 1.8.9
3.1
CVSSv3
CVE-2016-2513
The password hasher in contrib/auth/hashers.py in Django prior to 1.8.10 and 1.9.x prior to 1.9.3 allows remote malicious users to enumerate users via a timing attack involving login requests.
Djangoproject Django 1.8.9
Djangoproject Django 1.9.2
Djangoproject Django 1.9.1
Djangoproject Django 1.9
NA
CVE-2015-0219
Django prior to 1.4.18, 1.6.x prior to 1.6.10, and 1.7.x prior to 1.7.3 allows remote malicious users to spoof WSGI headers by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X-Auth_User header.
Djangoproject Django 1.6.1
Djangoproject Django 1.6.2
Djangoproject Django 1.6.9
Djangoproject Django 1.7
Djangoproject Django 1.6.5
Djangoproject Django 1.6.6
Djangoproject Django
Djangoproject Django 1.6
Djangoproject Django 1.6.7
Djangoproject Django 1.6.8
Djangoproject Django 1.6.3
Djangoproject Django 1.6.4
Djangoproject Django 1.7.1
Djangoproject Django 1.7.2
NA
CVE-2015-0220
The django.util.http.is_safe_url function in Django prior to 1.4.18, 1.6.x prior to 1.6.10, and 1.7.x prior to 1.7.3 does not properly handle leading whitespaces, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via a crafted URL, related to redir...
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 10.04
Djangoproject Django 1.6.2
Djangoproject Django 1.6.3
Djangoproject Django 1.7
Djangoproject Django 1.7.1
Djangoproject Django
Djangoproject Django 1.6.6
Djangoproject Django 1.6.7
Djangoproject Django 1.6
Djangoproject Django 1.6.1
Djangoproject Django 1.6.8
Djangoproject Django 1.6.9
Djangoproject Django 1.6.4
Djangoproject Django 1.6.5
Djangoproject Django 1.7.2
NA
CVE-2015-0221
The django.views.static.serve view in Django prior to 1.4.18, 1.6.x prior to 1.6.10, and 1.7.x prior to 1.7.3 reads files an entire line at a time, which allows remote malicious users to cause a denial of service (memory consumption) via a long line in a file.
Djangoproject Django 1.6.4
Djangoproject Django 1.6.5
Djangoproject Django 1.7.2
Djangoproject Django 1.6
Djangoproject Django 1.6.1
Djangoproject Django 1.6.8
Djangoproject Django 1.6.9
Djangoproject Django 1.6.2
Djangoproject Django 1.6.3
Djangoproject Django 1.7
Djangoproject Django 1.7.1
Djangoproject Django
Djangoproject Django 1.6.6
Djangoproject Django 1.6.7
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 14.04
NA
CVE-2014-0480
The core.urlresolvers.reverse function in Django prior to 1.4.14, 1.5.x prior to 1.5.9, 1.6.x prior to 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote malicious users to conduct phishing attacks via a // (slash slash) in a URL, which...
Opensuse Opensuse 13.1
Opensuse Opensuse 12.3
Djangoproject Django 1.7
Djangoproject Django 1.6
Djangoproject Django 1.6.3
Djangoproject Django 1.6.4
Djangoproject Django 1.6.1
Djangoproject Django 1.6.2
Djangoproject Django 1.6.5
Djangoproject Django 1.5
Djangoproject Django 1.5.6
Djangoproject Django 1.5.7
Djangoproject Django 1.5.2
Djangoproject Django 1.5.3
Djangoproject Django 1.5.1
Djangoproject Django 1.5.8
Djangoproject Django 1.5.4
Djangoproject Django 1.5.5
Djangoproject Django
Djangoproject Django 1.4.2
Djangoproject Django 1.4
Djangoproject Django 1.4.1
NA
CVE-2014-0481
The default configuration for the file upload handling system in Django prior to 1.4.14, 1.5.x prior to 1.5.9, 1.6.x prior to 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows rem...
Opensuse Project Opensuse 12.3
Opensuse Opensuse 13.1
Djangoproject Django 1.4.1
Djangoproject Django 1.4.10
Djangoproject Django 1.4.6
Djangoproject Django 1.4.7
Djangoproject Django
Djangoproject Django 1.4.2
Djangoproject Django 1.4
Djangoproject Django 1.4.4
Djangoproject Django 1.4.5
Djangoproject Django 1.4.11
Djangoproject Django 1.4.12
Djangoproject Django 1.4.8
Djangoproject Django 1.4.9
Djangoproject Django 1.5.1
Djangoproject Django 1.5.2
Djangoproject Django 1.5
Djangoproject Django 1.5.6
Djangoproject Django 1.5.7
Djangoproject Django 1.5.8
Djangoproject Django 1.5.3
NA
CVE-2014-0482
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django prior to 1.4.14, 1.5.x prior to 1.5.9, 1.6.x prior to 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web s...
Opensuse Opensuse 12.3
Opensuse Opensuse 13.1
Djangoproject Django 1.6
Djangoproject Django 1.6.1
Djangoproject Django 1.6.2
Djangoproject Django 1.6.3
Djangoproject Django 1.6.4
Djangoproject Django 1.6.5
Djangoproject Django 1.4
Djangoproject Django 1.4.1
Djangoproject Django 1.4.5
Djangoproject Django 1.4.6
Djangoproject Django 1.4.10
Djangoproject Django 1.4.11
Djangoproject Django 1.4.7
Djangoproject Django 1.4.8
Djangoproject Django 1.4.12
Djangoproject Django
Djangoproject Django 1.4.9
Djangoproject Django 1.4.2
Djangoproject Django 1.4.4
Djangoproject Django 1.7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »