Filtered by vendor Turbogears
Subscriptions
Filtered by product Turbogears2
Subscriptions
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2009-5015 | 1 Turbogears | 1 Turbogears2 | 2024-11-21 | N/A |
The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 exposes controller methods even when an @expose decoration is not used, which has unspecified impact and attack vectors. | ||||
CVE-2009-5014 | 1 Turbogears | 1 Turbogears2 | 2024-11-21 | N/A |
The default quickstart configuration of TurboGears2 (aka tg2) before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852. |
Page 1 of 1.