Vulnerability & Exploit Database

Displaying all 7 entries

Results for: CVE-2013-1665

USN-1730-1: OpenStack Keystone vulnerabilities Vulnerability

  • Severity: 5
  • Published: April 02, 2013

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products, allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.

SUSE Linux Security Vulnerability: CVE-2013-1665 Vulnerability

  • Severity: 5
  • Published: April 02, 2013

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products, allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.

FreeBSD: django -- multiple vulnerabilities (Multiple CVEs) Vulnerability

  • Severity: 5
  • Published: April 02, 2013

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products, allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.

Alpine Linux: CVE-2013-1643: Multiple vulnerabilities in php < 5.3.22 allows remote information disclosure Vulnerability

  • Severity: 5
  • Published: March 06, 2013

The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vuln...

USN-1757-1: Django vulnerabilities Vulnerability

  • Severity: 6
  • Published: November 18, 2012

The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values.

DSA-2634-1 python-django -- several vulnerabilities Vulnerability

  • Severity: 6
  • Published: November 18, 2012

The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values.