136 matches found
Starting/stopping Amazon EC2 instances using CLI and Python SDK
It's a very good practice to scan your perimeter from the outside of your network, simulating an attacker. However, you will need to deploy the scanners somewhere to do this. Hosting on Amazon EC2 can be a good and cost-effective option, especially if you start instances with vulnerability scanne...
Code injection
The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 does not check the server SSL certificate against the client keys, which allows remote attackers to spoof a server via a man-in-the-middle MITM attack...
CVE-2012-3533
The CVE-2012-3533 affects the oVirt 3.1 Python SDK (pre-3.1.0.6) and CLI (pre-3.1.0.8). Root cause: the client did not validate the server SSL certificate against its keys, enabling a MITM to spoof the server. Impact: potential remote spoofing of the server during TLS. Mitigation: upgrade to Pyth...
CVE-2012-3533
The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 does not check the server SSL certificate against the client keys, which allows remote attackers to spoof a server via a man-in-the-middle MITM attack...
CVE-2011-4212
The sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly prevent os.popen calls, which allows local users to bypass intended access restrictions and execute arbitrary commands via a devappserver.RestrictedPathFunction.originalos reference within the code paramete...
CVE-2011-4213
The sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly prevent use of the os module, which allows local users to bypass intended access restrictions and execute arbitrary commands via a fileblobstorage.os reference within the code parameter to...
Design/Logic Flaw
The sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly prevent use of the os module, which allows local users to bypass intended access restrictions and execute arbitrary commands via a fileblobstorage.os reference within the code parameter to...
Design/Logic Flaw
The FakeFile implementation in the sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly control the opening of files, which allows local users to bypass intended access restrictions and create arbitrary files via ALLOWEDMODES and ALLOWEDDIRS changes within the co...
Design/Logic Flaw
The sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly prevent os.popen calls, which allows local users to bypass intended access restrictions and execute arbitrary commands via a devappserver.RestrictedPathFunction.originalos reference within the code paramete...
CVE-2011-4211
The FakeFile implementation in the sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly control the opening of files, which allows local users to bypass intended access restrictions and create arbitrary files via ALLOWEDMODES and ALLOWEDDIRS changes within the co...
CVE-2011-4213
The sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly prevent use of the os module, which allows local users to bypass intended access restrictions and execute arbitrary commands via a fileblobstorage.os reference within the code parameter to...
CVE-2011-4211
The FakeFile implementation in the sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly control the opening of files, which allows local users to bypass intended access restrictions and create arbitrary files via ALLOWEDMODES and ALLOWEDDIRS changes within the co...
CVE-2011-4212
The sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly prevent os.popen calls, which allows local users to bypass intended access restrictions and execute arbitrary commands via a devappserver.RestrictedPathFunction.originalos reference within the code paramete...
CVE-2011-1364
CVE-2011-1364 describes a CSRF vulnerability in the Google App Engine Python SDK before 1.5.4, specifically in the Interactive Console at _ah/admin/interactive/execute. The flaw allows remote attackers to hijack administrator authentication for requests that execute arbitrary Python code via the ...
CVE-2011-4212
CVE-2011-4212 describes a vulnerability in the Google App Engine Python SDK sandbox prior to 1.5.4. The sandbox does not properly prevent os.popen calls, allowing a local attacker with access to bypass access restrictions and execute arbitrary commands via a dev_appserver.RestrictedPathFunction._...
CVE-2011-4213
The CVE-2011-4213 issue affects the Google App Engine Python SDK prior to 1.5.4, where the sandbox/Interactive Console path _ah/admin/interactive/execute is vulnerable to CSRF. The vulnerability allows remote attackers to hijack administrator authentication and execute arbitrary Python code via t...