Django Bugs Let Remote Users Access the Database

Description: Several vulnerabilities were reported in Django. A remote user can obtain potentially sensitive information on the target system. A remote user can gain access to the target system. A remote user can conduct cross-site scripting attacks. On systems where tests were run with an Oracle database and a password was not manually specified in […]


Django 1.10 released

Description: These release notes cover the new features, as well as some incompatible changes you’ll want to be aware of when upgrading from Django 1.9 or older versions. Some features that have reached the end of their deprecation cycle were dropped, and the deprecation process for some features has begun. Changes: Full text search for […]


Django Input Validation Flaw in Administrator Add/Change Popup

Description: Input Validation Flaw in Administrator Add/Change Popup Lets Remote Users Conduct Cross-Site Scripting Attacks. The software does not properly filter HTML code from user-supplied input before displaying the input. A remote user can cause arbitrary scripting code to be executed by the target administrative user’s browser. The code will originate from the site running the […]
