35 matches found
MiracleLinux 4 : python-paste-script-1.7.3-5.AXS4 (AXSA:2012-895:01)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2012-895:01 advisory. Paster is a pluggable command-line frontend, including commands to set up package file layouts. Built-in features: creating file layouts for packages. For instanc...
EUVD-2013-4347
Malware in sbrugna...
RHSA-2012:1206 Red Hat Security Advisory: python-paste-script security update
Bulletin has no description...
SUSE CVE-2012-0878
Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem...
Paste Script has improper group memberships permissions
Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem...
GHSA-27PX-QPMJ-QG38 Paste Script has improper group memberships permissions
Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem...
Oracle: Security Advisory (ELSA-2012-1206)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2013-4482
Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current working directory or (2) its parent directories...
CVE-2013-4482
CVE-2013-4482 affects Luci 0.26.0. The vulnerability is an untrusted search path issue: when Luci is started via its initscript, a local user can exploit a Trojan horse .egg-info file in the current working directory or its parent directories to gain privileges. The issue is confirmed in multiple...
Oracle Linux 6 : python-paste-script (ELSA-2012-1206)
The remote Oracle Linux 6 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2012-1206 advisory. 1.7.3-5 - fix group permissions in serve.py Resolves: CVE-2012-0878 Tenable has extracted the preceding description block directly from the Oracle Linux securit...
Fedora Update for python-paste-script FEDORA-2012-2302
Check for the Version of python-paste-script OpenVAS Vulnerability Test Fedora Update for python-paste-script FEDORA-2012-2302 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/o...
Fedora Update for python-paste-script FEDORA-2012-2302
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description) script_xref(name:"URL",...
RedHat Update for python-paste-script RHSA-2012:1206-01
Check for the Version of python-paste-script OpenVAS Vulnerability Test RedHat Update for python-paste-script RHSA-2012:1206-01 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/...
CentOS Update for python-paste-script CESA-2012:1206 centos6
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description) script_xref(name:"URL",...
CentOS Update for python-paste-script CESA-2012:1206 centos6
Check for the Version of python-paste-script OpenVAS Vulnerability Test CentOS Update for python-paste-script CESA-2012:1206 centos6 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...
RedHat Update for python-paste-script RHSA-2012:1206-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description) script_xref(name:"URL",...
CentOS 6 : python-paste-script (CESA-2012:1206)
An updated python-paste-script package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
RHEL 6 : python-paste-script (RHSA-2012:1206)
An updated python-paste-script package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Scientific Linux Security Update : python-paste-script on SL6.x i386/x86_64 (20120827)
Python Paste provides middleware for building and running Python web applications. The python-paste-script package includes paster, a tool for working with and running Python Paste applications. It was discovered that paster did not drop supplementary group privileges when started by the root use...
python-paste-script: Supplementary groups not dropped when started an application with "paster serve" as root
Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem...