111 matches found
python: CGIHTTPServer module does not properly handle URL-encoded path separators in URLs
It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose source of scripts in the cgi-bin directory...
Amazon Linux: Security Advisory (ALAS-2014-440)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
python: CGIHTTPServer module does not properly handle URL-encoded path separators in URLs
It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose source of scripts in the cgi-bin directory...
[RT-SA-2014-008] Python CGIHTTPServer File Disclosure and Potential Code Execution
Advisory: Python CGIHTTPServer File Disclosure and Potential Code Execution The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary CGI scripts in the server's document root...
Updated python & python3 packages fix two vulnerabilities
Updated python and python3 packages fix security vulnerabilities: Python 2 and 3 are susceptible to arbitrary process memory reading by a user or adversary due to a bug in the json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value tha...
UBUNTU-CVE-2014-4650
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as...
CVE-2013-1939
The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.7.7, and 1.8.x before 1.8.5, as used in ownCloud, when running on Windows, does not properly check path separators in the base path, which allows remote attackers to read arbitrary files via a \ backslash character...
PYSEC-2013-28
Directory traversal vulnerability in the client in Tryton 3.0.0, as distributed before 20131104 and earlier, allows remote servers to write arbitrary files via path separators in the extension of a report...
CVE-2013-4510
Directory traversal vulnerability in the client in Tryton 3.0.0, as distributed before 20131104 and earlier, allows remote servers to write arbitrary files via path separators in the extension of a report...
CVE-2013-4510
CVE-2013-4510 describes a directory traversal vulnerability in the Tryton client (3.0.0, prior to 20131104) that allows a remote server to write arbitrary files via path separators in the extension of a report. The issue is documented across multiple sources (including GHSA and OSV entries) with ...
Ruby WEBrick vulnerable to directory traversal
Overview Ruby WEBrick is vulnerable to a directory traversal on systems that support backslash \ path separators. This vulnerability may allow an attacker to access arbitrary files outside of the web server root directory. Description WEBrick is a Ruby library program to build HTTP servers...