119 matches found

Tenable Nessus
added 2011/12/20 12:0 a.m., 64 views

Plone Request Parsing Remote Command Execution

The version of Plone hosted on the remote web server has a flaw that allows arbitrary access to Python modules. Using a specially crafted URL, this can allow an unauthenticated, remote attacker the ability to run arbitrary commands on the system through the Python 'os' module in the context of th...

CVSS 9.3, AI score 6, EPSS 0.90462
Exploits: 15, References: 5

NVD
added 2011/10/10 10:55 a.m., 23 views

CVE-2011-3587

Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules...

CVSS 9.3, AI score 7.3, EPSS 0.90462
Exploits: 15, References: 8

Prion
added 2011/10/10 10:55 a.m., 16 views

Design/Logic Flaw

Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules...

CVSS 9.3, AI score 7.7, EPSS 0.90462
Exploits: 15, References: 8, Affected Software: 2

PyPA
added 2011/10/10 10:55 a.m., 8 views

PYSEC-2011-26

Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules...

CVSS 9.3, AI score 7.7, EPSS 0.90462
Exploits: 15, References: 9, Affected Software: 1

OSV
added 2011/10/10 10:55 a.m., 10 views

PYSEC-2011-26

Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules...

CVSS 9.3, AI score 7.3, EPSS 0.90462
Exploits: 15, References: 8

CVE
added 2011/10/10 10:0 a.m., 93 views

CVE-2011-3587

CVE-2011-3587 affects Zope 2.12.x and 2.13.x, as used by Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2. The underlying issue is an unspecified vulnerability in the p_ class in OFS/misc_.py and the use of Python modules that allows a remote attacker to execute arbitrary commands. Affected ...

CVSS 9.3, AI score 7.4, EPSS 0.90462
Exploits: 15, References: 8, Affected Software: 2

Cvelist
added 2011/10/10 10:0 a.m., 26 views

CVE-2011-3587

Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules...

AI score 7.2, EPSS 0.90462
Exploits: 15, References: 8

OpenVAS
added 2010/07/12 12:0 a.m., 9 views

Fedora Update for python-mako FEDORA-2010-10544

Check for the Version of python-mako OpenVAS Vulnerability Test Fedora Update for python-mako FEDORA-2010-10544 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...

AI score 7.4
Exploits: 0, References: 2

Prion
added 2009/08/12 10:30 a.m., 7 views

Code injection

The web interface CobblerWeb in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules...

CVSS 9, AI score 7.1, EPSS 0.01636
Exploits: 0, References: 8, Affected Software: 1

CVE
added 2009/08/12 10:0 a.m., 57 views

CVE-2008-6954

CVE-2008-6954 affects CobblerWeb in Cobbler before 1.2.9, where the Cheetah template engine can execute Python statements embedded in kickstart templates. This enables remote authenticated users to run arbitrary Python code in cobblerd, effectively compromising the server. The vulnerability stems...

CVSS 9, AI score 6.9, EPSS 0.01636
Exploits: 0, References: 8, Affected Software: 1

Tenable Nessus
added 2009/04/23 12:0 a.m., 9 views

Fedora 10 : dia-0.96.1-9.fc10 (2009-0943)

Filter out untrusted python modules search path to remove the possibility to run arbitrary code on the user's system if there is a python file in dia's working directory named the same as one that dia's python scripts try to import. Note that Tenable Network Security has extracted the preceding...

AI score 6
Exploits: 0, References: 2

Tenable Nessus
added 2009/03/31 12:0 a.m., 39 views

GLSA-200903-41 : gedit: Untrusted search path

The remote host is affected by the vulnerability described in GLSA-200903-41 gedit: Untrusted search path James Vega reported that gedit uses the current working directory when searching for python modules, a vulnerability related to CVE-2008-5983. Impact : A local attacker could entice a user to...

CVSS 6.9, AI score 5.5, EPSS 0.00141
Exploits: 3, References: 3

Gentoo Linux
added 2009/03/30 12:0 a.m., 40 views

gedit: Untrusted search path

Background gedit is a text editor for the GNOME desktop. Description James Vega reported that gedit uses the current working directory when searching for python modules, a vulnerability related to CVE-2008-5983. Impact A local attacker could entice a user to open gedit from a specially crafted...

CVSS 6.9, AI score 9.4, EPSS 0.00141
Exploits: 3

Fedora
added 2009/02/12 8:38 p.m., 12 views

[SECURITY] Fedora 10 Update: python-fedora-0.3.9-1.fc10

Python modules that help with building Fedora Services. This includes a JSON based auth provider for authenticating against FAS2 over the network and a client that handles communication with the servers. The client module can be used to build programs that communicate with Fedora Infrastructure'...

AI score 3.6
Exploits: 0

Fedora
added 2009/02/12 8:37 p.m., 14 views

[SECURITY] Fedora 9 Update: python-fedora-0.3.9-1.fc9

Python modules that help with building Fedora Services. This includes a JSON based auth provider for authenticating against FAS2 over the network and a client that handles communication with the servers. The client module can be used to build programs that communicate with Fedora Infrastructure'...

AI score 3.6
Exploits: 0

OpenVAS
added 2009/02/02 12:0 a.m., 27 views

Fedora Core 10 FEDORA-2009-0943 (dia)

The remote host is missing an update to dia announced via advisory FEDORA-2009-0943. OpenVAS Vulnerability Test $Id: fcore20090943.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-0943 dia Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft Inc...

CVSS 6.9, EPSS 0.00067
Exploits: 1, References: 1

OpenVAS
added 2009/02/02 12:0 a.m., 21 views

Fedora Core 10 FEDORA-2009-0943 (dia)

The remote host is missing an update to dia announced via advisory FEDORA-2009-0943. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the...

CVSS 6.9, AI score 6.4, EPSS 0.00067
Exploits: 1, References: 3

OpenVAS
added 2009/02/02 12:0 a.m., 24 views

Fedora Core 9 FEDORA-2009-1057 (dia)

The remote host is missing an update to dia announced via advisory FEDORA-2009-1057. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the...

CVSS 6.9, AI score 6.4, EPSS 0.00067
Exploits: 1, References: 2

Prion
added 2008/10/10 10:30 a.m., 12 views

Design/Logic Flaw

Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory in the Python search path, which allows local users to execute arbitrary code via a modified Python module that is loaded by the (1) sys-apps/portage, (2) net-mail/fetchmail, (3) app-editors/le...

CVSS 6.9, AI score 7.4, EPSS 0.00057
Exploits: 1, References: 4, Affected Software: 1