13 matches found
Code injection
In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Some webservers used with Allura, such as Nginx, Apache/mod_wsgi or paster may prevent the attack from succeeding. Others, such as gunicorn do not prevent it and leave Allura...
CVE-2018-1299
In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Some webservers used with Allura, such as Nginx, Apache/mod_wsgi or paster may prevent the attack from succeeding. Others, such as gunicorn do not prevent it and leave Allura...
CVE-2018-1299
In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Some webservers used with Allura, such as Nginx, Apache/mod_wsgi or paster may prevent the attack from succeeding. Others, such as gunicorn do not prevent it and leave Allura...
CVE-2018-1299
In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Some webservers used with Allura, such as Nginx, Apache/mod_wsgi or paster may prevent the attack from succeeding. Others, such as gunicorn do not prevent it and leave Allura...
CVE-2013-4482
CVE-2013-4482 affects Luci 0.26.0. The vulnerability is an untrusted search path issue: when Luci is started via its initscript, a local user can exploit a Trojan horse .egg-info file in the current working directory or its parent directories to gain privileges. The issue is confirmed in multiple...
CentOS Update for python-paste-script CESA-2012:1206 centos6
Check for the Version of python-paste-script. OpenVAS Vulnerability Test: CentOS Update for python-paste-script CESA-2012:1206 centos6. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...
CentOS 6 : python-paste-script (CESA-2012:1206)
An updated python-paste-script package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Scientific Linux Security Update : python-paste-script on SL6.x i386/x86_64 (20120827)
Python Paste provides middleware for building and running Python web applications. The python-paste-script package includes paster, a tool for working with and running Python Paste applications. It was discovered that paster did not drop supplementary group privileges when started by the root use...
RHEL 6 : python-paste-script (RHSA-2012:1206)
An updated python-paste-script package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Moderate: Red Hat Security Advisory: python-paste-script security update
An updated python-paste-script package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Fedora 17 : python-paste-script-1.7.5-4.fc17 (2012-2302)
This update fixes a security flaw with Paster that prevents it from properly dropping privileges when run as root. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format i...
Fedora 16 : python-paste-script-1.7.5-4.fc16 (2012-2418)
This update fixes a security flaw with Paster that prevents it from properly dropping privileges when run as root. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format i...
[SECURITY] Fedora 16 Update: python-paste-script-1.7.5-4.fc16
Paster is a pluggable command-line frontend, including commands to set up package file layouts. Built-in features: Creating file layouts for packages. For instance a setuptools-ready file layout. Serving up web applications, with configuration based on paste.deploy...