Lucene search
K

5613 matches found

PyPA
PyPA
added 2007/03/10 10:19 p.m.8 views

PYSEC-2007-3

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors...

10CVSS7AI score0.01342EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2007/03/10 10:19 p.m.6 views

PYSEC-2007-2

Cross-site scripting XSS vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...

4.3CVSS5.9AI score0.01089EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2006/12/07 11:28 p.m.8 views

PYSEC-2006-10

Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when anonymous member registration is enabled, allows an attacker to "masquerade as a group."...

4.3CVSS5.8AI score0.00996EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2006/12/07 11:28 p.m.9 views

PYSEC-2006-6

Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when anonymous member registration is enabled, allows an attacker to "masquerade as a group."...

4.3CVSS6.9AI score0.00996EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2006/11/14 7:7 p.m.6 views

PYSEC-2006-3

Cross-site request forgery CSRF vulnerability in Edgewall Trac 0.10 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors...

7.5CVSS7AI score0.02108EPSS
Exploits0References10Affected Software1
PyPA
PyPA
added 2006/09/29 7:7 p.m.9 views

PYSEC-2006-5

Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration."...

6.4CVSS6.8AI score0.01003EPSS
Exploits0References1Affected Software1
PyPA
PyPA
added 2006/09/29 7:7 p.m.9 views

PYSEC-2006-9

Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration."...

6.4CVSS5.8AI score0.01003EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2006/09/19 6:7 p.m.6 views

PYSEC-2006-8

The docutils module in Zope Zope2 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText reST markup, which allows remote attackers to read arbitrary files via a csvtable directive, a different vulnerability than CVE-2006-3458...

5CVSS7AI score0.02378EPSS
Exploits0References11Affected Software1
PyPA
PyPA
added 2006/07/21 2:3 p.m.10 views

PYSEC-2006-2

Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text reStructuredText functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting XSS attacks, or cause a denial of service via...

6.8CVSS6.3AI score0.01864EPSS
Exploits0References10Affected Software1
PyPA
PyPA
added 2006/07/07 11:5 p.m.6 views

PYSEC-2006-7

Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 Zope2 does not disable the "raw" command when providing untrusted users with restructured text reStructuredText functionality from docutils, which allows local users to read arbitrary files...

2.1CVSS6.7AI score0.00422EPSS
Exploits0References13Affected Software1
PyPA
PyPA
added 2006/05/18 11:2 p.m.6 views

PYSEC-2006-4

Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via 1 the asfreadheader function in the ASF plugin plugins/asfextractor.c, and 2 the parsetrakatom function in the QT plugin plugins/qtextractor.c...

4CVSS8.2AI score0.0892EPSS
Exploits1References18Affected Software1
PyPA
PyPA
added 2006/02/22 2:2 a.m.6 views

PYSEC-2006-1

Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors...

5CVSS7AI score0.02327EPSS
Exploits0References10Affected Software1
PyPA
PyPA
added 2005/12/31 5:0 a.m.7 views

PYSEC-2005-1

Cross-site scripting XSS vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag...

4.3CVSS6AI score0.0151EPSS
Exploits1References9Affected Software1
Total number of security vulnerabilities5613