15 matches found
SUSE CVE-2019-9948
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call...
python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call...
python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call...
openSUSE Security Update : python (openSUSE-2019-1580)
This update for python fixes the following issues: Security issues fixed: - CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead (bsc#1130847). - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFK...
SUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2019:1439-1)
This update for python fixes the following issues: Security issues fixed: CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead (bsc#1130847). CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC...
SUSE-SU-2019:1439-1 Security update for python
This update for python fixes the following issues: Security issues fixed: - CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead (bsc#1130847). - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC...
X2Engine 4.2 - Arbitrary File Upload
Source: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-5074/ Details: It was discovered that authenticated users were able to upload files of any type providing that the file did not have an extension that was listed in the following blacklist:...
ownCloud Server Arbitrary File Upload Vulnerability
ownCloud is an open source private cloud server. The ownCloud Server has a security vulnerability that allows authenticated users to bypass the file blacklist and upload arbitrary files, such as .htaccess files, via UTF-8 encoded file paths...
CVE-2015-3013
ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allows remote authenticated users to bypass the file blacklist and upload arbitrary files via a file path with UTF-8 encoding, as demonstrated by uploading a .htaccess file...
CVE-2015-3013
ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allows remote authenticated users to bypass the file blacklist and upload arbitrary files via a file path with UTF-8 encoding, as demonstrated by uploading a .htaccess file...
CVE-2015-3013
ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allows remote authenticated users to bypass the file blacklist and upload arbitrary files via a file path with UTF-8 encoding, as demonstrated by uploading a .htaccess file...
[ MDVSA-2015:190 ] owncloud
Mandriva Linux Security Advisory MDVSA-2015:190 http://www.mandriva.com/en/support/security/ Package: owncloud Date: April 1, 2015 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities have been discovered and corrected in...
[ MDVSA-2015:191 ] owncloud
Mandriva Linux Security Advisory MDVSA-2015:191 http://www.mandriva.com/en/support/security/ Package: owncloud Date: April 1, 2015 Affected: Business Server 2.0 Problem Description: Multiple vulnerabilities have been discovered and corrected in...
Mandriva Linux Security Advisory : owncloud (MDVSA-2015:190)
Multiple vulnerabilities have been discovered and corrected in owncloud: - Login bypass when using userldap due to unauthenticated binds (oC-SA-2014-020) - Login bypass when using the external FTP user backend (oC-SA-2014-022) - CSRF in bookmarks application (oC-SA-2014-027) - Stored XSS in bookmarks...
Mandriva Linux Security Advisory : owncloud (MDVSA-2015:191)
Multiple vulnerabilities have been discovered and corrected in owncloud: - Multiple stored XSS in contacts application (oC-SA-2015-001) - Multiple stored XSS in documents application (oC-SA-2015-002) - Bypass of file blacklist (oC-SA-2015-004) The updated packages have been upgraded to the 7.0.5 versio...