1151 matches found
CVE-2023-40587
Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have a index.html file that is located exactly one directory above the location of t...
CVE-2023-40587 Pyramid static view path traversal up one directory
Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have a index.html file that is located exactly one directory above the location of t...
CVE-2023-40587
Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have a index.html file that is located exactly one directory above the location of t...
CVE-2023-40587 Pyramid static view path traversal up one directory
Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have a index.html file that is located exactly one directory above the location of t...
Pyramid static view path traversal up one directory
Impact This impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have a index.html file that is located exactly one directory above the location of the static view's file system path. No further path traversal exists, and the only file that could be...
CVE-2023-41105
An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath, the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python...
DEBIAN-CVE-2023-41105
An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath, the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python...
UBUNTU-CVE-2023-41105
An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath, the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python...
CVE-2023-41105
An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath, the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python...
PT-2023-9652 · Python +6 · Python +6
Name of the Vulnerable Software and Affected Versions: Python versions 3.11 through 3.11.4 Description: The issue is related to the os.path.normpath function, which truncates a path unexpectedly at the first '0' byte if such bytes are present in the path. This could lead to security issues, as...
U.S. Dept Of Defense: RCE via File Upload with a Null Byte Truncated File Extension at https://██████/
A remote code execution vulnerability via file upload with a null byte truncated file extension was found on a website. By uploading a file with .asp%00.png extension, malicious ASP code could be executed on the server. This allowed an attacker to run arbitrary system commands. The issue was...
Remote Code Execution (RCE)
openmeetings is vulnerable to Remote Code Execution RCE. The vulnerability exists because the library does not properly validate the paths, which allows an attacker to perform malicious code execution through the null-byte injection...
Apache OpenMeetings 2.0.0 < 7.1.0 Multiple Vulnerabilities
Apache OpenMeetings is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:openmeetings";...
Apache OpenMeetings vulnerable to remote code execution via null-bye injection
An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0...
GHSA-MG5H-F3Q8-C96G Apache OpenMeetings vulnerable to remote code execution via null-bye injection
An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0...
CVE-2023-29246
An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0...
CVE-2023-29246
An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0...
Design/Logic Flaw
An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0...
CVE-2023-29246 Apache OpenMeetings: allows null-byte Injection
An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0...
CVE-2023-29246 Apache OpenMeetings: allows null-byte Injection
An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0...