Lucene search

111 matches found

RedHat Linux
added 2015/11/19 6:4 a.m., 5 views

python: CGIHTTPServer module does not properly handle URL-encoded path separators in URLs

It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose source of scripts in the cgi-bin directory...

CVSS 9.8, AI score 7, EPSS 0.24148
Exploits: 5, References: 4

OpenVAS
added 2015/09/08 12:0 a.m., 28 views

Amazon Linux: Security Advisory (ALAS-2014-440)

The remote host is missing an update for the...

CVSS 9.8, AI score 8.3, EPSS 0.24148
Exploits: 6, References: 3

RedHat Linux
added 2015/06/04 8:27 a.m., 7 views

python: CGIHTTPServer module does not properly handle URL-encoded path separators in URLs

It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose source of scripts in the cgi-bin directory...

CVSS 9.8, AI score 7, EPSS 0.24148
Exploits: 5, References: 4

securityvulns
added 2014/10/15 12:0 a.m., 139 views

[RT-SA-2014-008] Python CGIHTTPServer File Disclosure and Potential Code Execution

Advisory: Python CGIHTTPServer File Disclosure and Potential Code Execution. The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary CGI scripts in the server's document root...

AI score 8.3, EPSS 0.24148
Exploits: 5

Mageia
added 2014/07/08 10:35 p.m., 60 views

Updated python & python3 packages fix two vulnerabilities

Updated python and python3 packages fix security vulnerabilities: Python 2 and 3 are susceptible to arbitrary process memory reading by a user or adversary due to a bug in the json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value tha...

CVSS 9.8, AI score 7.1, EPSS 0.24148
Exploits: 6, References: 4

OSV
added 2014/06/25 12:0 a.m., 3 views

UBUNTU-CVE-2014-4650

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as...

CVSS 9.8, AI score 7, EPSS 0.24148
Exploits: 5, References: 4

UbuntuCve
added 2014/03/14 4:55 p.m., 20 views

CVE-2013-1939

The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.7.7, and 1.8.x before 1.8.5, as used in ownCloud, when running on Windows, does not properly check path separators in the base path, which allows remote attackers to read arbitrary files via a \ backslash character...

CVSS 5, AI score 6, EPSS 0.01779
Exploits: 0, References: 2

OSV
added 2013/11/18 2:55 a.m., 12 views

PYSEC-2013-28

Directory traversal vulnerability in the client in Tryton 3.0.0, as distributed before 20131104 and earlier, allows remote servers to write arbitrary files via path separators in the extension of a report...

CVSS 7.8, AI score 5.2, EPSS 0.02137
Exploits: 1, References: 5

Cvelist
added 2013/11/15 6:16 p.m., 15 views

CVE-2013-4510

Directory traversal vulnerability in the client in Tryton 3.0.0, as distributed before 20131104 and earlier, allows remote servers to write arbitrary files via path separators in the extension of a report...

AI score 6.6, EPSS 0.02137
Exploits: 1, References: 5

CVE
added 2013/11/15 6:16 p.m., 52 views

CVE-2013-4510

CVE-2013-4510 describes a directory traversal vulnerability in the Tryton client (3.0.0, prior to 20131104) that allows a remote server to write arbitrary files via path separators in the extension of a report. The issue is documented across multiple sources (including GHSA and OSV entries) with ...

CVSS 7.8, AI score 6.7, EPSS 0.02137
Exploits: 1, References: 5, Affected Software: 1

CERT
added 2008/04/14 12:0 a.m., 69 views

Ruby WEBrick vulnerable to directory traversal

Overview: Ruby WEBrick is vulnerable to a directory traversal on systems that support backslash \ path separators. This vulnerability may allow an attacker to access arbitrary files outside of the web server root directory. Description: WEBrick is a Ruby library program to build HTTP servers...

CVSS 5, AI score 6.6, EPSS 0.18163
Exploits: 1, References: 4