75 matches found
EUVD-2006-0001
Malware in sbrugna...
EUVD-2008-0001
Malware in sbrugna...
OPENSUSE-SU-2024:14128-1 python310-CherryPy-18.9.0-3.3 on GA media
These are all security issues fixed in the python310-CherryPy-18.9.0-3.3 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11204-1 python36-CherryPy-18.6.1-1.2 on GA media
These are all security issues fixed in the python36-CherryPy-18.6.1-1.2 package on the GA media of openSUSE Tumbleweed...
Directory Traversal
CherryPy is vulnerable to Directory Traversal. The vulnerability is due to insufficient validation of ".." sequences in input handled by the staticfilter component, which allows remote attackers to read arbitrary files...
Directory Traversal
CherryPy is vulnerable to Directory Traversal. The vulnerability is due to improper input validation in the getfilepath function, allowing remote attackers to manipulate session IDs in cookies to create, delete, or possibly read and write arbitrary files...
WatchGuard XTM Firebox Unauthenticated Remote Command Execution Exploit
This Metasploit module exploits a buffer overflow at the administration interface (8080 or 4117) of WatchGuard Firebox and XTM appliances which is built from a cherrypy python backend sending XML-RPC requests to a C binary called wgagent using pre-authentication endpoint /agent/login. This...
WatchGuard XTM Firebox Unauthenticated Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'zlib' class MetasploitModule 'WatchGuard XTM Firebox Unauthenticated Remote Command Execution', 'Description' = %q This module exploits a buffer overflow at the...
WatchGuard XTM Firebox Unauthenticated Remote Command Execution
This module exploits a buffer overflow at the administration interface (8080 or 4117) of WatchGuard Firebox and XTM appliances which is built from a cherrypy python backend sending XML-RPC requests to a C binary called wgagent using pre-authentication endpoint /agent/login. This vulnerability impac...
GHSA-76X8-GG39-5JJG CherryPy Malicious cookies allow access to files outside the session directory
Directory traversal vulnerability in the getfilepath function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write...
CherryPy Malicious cookies allow access to files outside the session directory
Directory traversal vulnerability in the getfilepath function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write...
GHSA-VX77-5PF4-C9WR CherryPy Directory traversal vulnerability
Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors...
CherryPy Directory traversal vulnerability
Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors...
SaltStack Salt REST API Arbitrary Command Execution
This module exploits an authentication bypass and command injection in SaltStack Salt's REST API to execute commands as the root user. The following versions have received a patch: 2015.8.10, 2015.8.13, 2016.3.4, 2016.3.6, 2016.3.8, 2016.11.3, 2016.11.6, 2016.11.10, 2017.7.4, 2017.7.8, 2018.3.5,...
SaltStack Salt REST API Arbitrary Command Execution Exploit
This Metasploit module exploits an authentication bypass and command injection in SaltStack Salt's REST API to execute commands as the root user. The following versions have received a patch: 2015.8.10, 2015.8.13, 2016.3.4, 2016.3.6, 2016.3.8, 2016.11.3, 2016.11.6, 2016.11.10, 2017.7.4, 2017.7.8,...
CherryPy Detection
Detection of CherryPy. The script sends a connection request to the server and attempts to detect CherryPy and extract its version. Copyright (C) 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the...
Tautulli Detection (HTTP)
HTTP based detection of Tautulli. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.143150";...
CVE-2008-0252
Directory traversal vulnerability in the getfilepath function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write...
openSUSE Security Update : salt (openSUSE-2017-1016)
This update for salt fixes the following issues : - Update to 2017.7.1 See https://docs.saltstack.com/en/develop/topics/releases/2017.7.1.html for full changelog - CVE-2017-12791: crafted minion ID could lead to directory traversal on the Salt-master boo1053955 - Run fdupes over all of /usr because...
CherryMusic Cross-Site Scripting Vulnerability
CherryMusic is a music streaming server based on CherryPy and jPlayer. A cross-site scripting vulnerability exists in CherryMusic, which can be exploited by an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of an affected site, due to the program...