RHEL 7 : python27 (RHSA-2020:4273)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4273 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
PYSEC-2020-173
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py...
Cross-Site Scripting (XSS)
bepasty is vulnerable to cross-site scripting (XSS) attacks. A malicious user can inject and execute arbitrary JavaScript via the download.py file because it renders content as HTML rather than converting it to text first...
CVE-2014-3855
Directory traversal vulnerability in download.py in Pyplate 0.08 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter...
CVE-2014-3855
CVE-2014-3855 affects Pyplate 0.08, where download.py is vulnerable to directory traversal via a '..' in the filename parameter, allowing remote reading of arbitrary files. The vulnerability is documented with a default CVSS v2 base score of 5.0 (Medium) and a network attack vector with low acces...