7044 matches found
Improper Access Control in MySQL Connector Python
Vulnerability in the MySQL Connectors component of Oracle MySQL subcomponent: Connector/Python. Supported versions that are affected are 8.0.13 and prior and 2.1.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connector...
OpenStack Identity Keystone is vulnerable to Block delegation escalation of privilege
OpenStack Identity Keystone before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a 1 trust or 2 OAuth token with impersonation enabled to create a new token with...
OpenStack Identity Keystone Improper Privilege Management
OpenStack Identity Keystone before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID...
OpenStack Ironic Exposure of Sensitive Information to an Unauthorized Actor
The ironic-api service in OpenStack Ironic before 4.2.5 Liberty and 5.x before 5.1.2 Mitaka allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the...
OpenStack Keystone Denial of Service vulnerability via a large HTTP request
OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier allows remote attackers to cause a denial of service CPU and memory consumption via a large HTTP request, as demonstrated by a long tenantname when requesting a token...
Openstack Manila Persistent XSS in Metadata field
Cross-site scripting XSS vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form...
OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability
Cross-site scripting XSS vulnerability in OpenStack Dashboard Horizon 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form...
Server-Side Request Forgery in scout-browser
Pypi package scout-browser GitHub repository clinical-genomics/scout prior to v4.52 is vulnerable to server-side request forgery. An attacker could make the application perform arbitrary requests to steal cookies, request access to private areas, or lead to cross-site scripting...
instack-undercloud vulnerable to symlink attack on tmp files
A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploi...
OpenStack Keystone allows context-dependent attackers to bypass access restrictions
OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the 1 user, 2 tenant, or 3 domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions...
OpenStack Neutron Race Condition vulnerability
A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0:...
MoinMoin Cross-site scripting (XSS) vulnerability in the antispam feature
Cross-site scripting XSS vulnerability in the antispam feature security/antispam.py in MoinMoin 1.7 and 1.8.1 allows remote attackers to inject arbitrary web script or HTML via crafted, disallowed content...
OpenStack Keystone and other components vulnerable to Improper Certificate Validation
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates...
Mercurial Directory traversal vulnerability
Directory traversal vulnerability in patch.py in Mercurial before 1.0.2 allows user-assisted attackers to modify arbitrary files via ".." dot dot sequences in a patch file...
Zope DocumentTemplate package allows unauthenticated write
The DocumentTemplate package in Zope 2.2 and earlier allows a remote attacker to modify DTMLDocuments or DTMLMethods without authorization...
Plone Cross-site Scripting vulnerability in the LiveSearch module
Cross-site scripting XSS vulnerability in the LiveSearch module in Plone before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the Description field for search results, as demonstrated using the onerror Javascript even in an IMG tag...
Roundup Improper Access Control
The EditCSVAction function in cgi/actions.py in Roundup 1.2 before 1.2.1, 1.4 through 1.4.6, and possibly other versions does not properly check permissions, which allows remote authenticated users with edit or create privileges for a class to modify arbitrary items within that class, as...
Path Traversal in scout-browser
Scout is a Variant Call Format VCF visualization interface. The Pypi package scout-browser is vulnerable to path traversal due to sendfile call in versions prior to 4.52...
MoinMoin Multiple cross-site scripting (XSS) vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with 1 the rename parameter or 2 the drawing parameter aka the basename variable...
Zope Cross-site scripting (XSS) vulnerability in ZMI pages
Cross-site scripting XSS vulnerability in ZMI pages that use the managetabsmessage in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12...
SaltStack RSA Key Generation allows remote users to decrypt communications
SaltStack RSA Key Generation allows remote users to decrypt communications...
MoinMoin Improper ACL handling for calendars and includes
MoinMoin before 20070507 does not properly enforce ACLs for calendars and includes, which allows remote attackers to read certain pages via unspecified vectors...
MoinMoin Directory traversal vulnerability
Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. dot dot in the MOINID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter. The issue has been...
MoinMoin Multiple cross-site scripting (XSS) vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 certain input processed by formatter/textgedit.py aka the gui editor formatter; 2 a page name, which triggers an injection in PageEditor.py when the...
Django Arbitrary Code Execution
bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a 1 .po or 2 .mo file...
MoinMoin Improper Access Control
macroGetval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages. The issue has been fixed on 4a7de0173734...
MoinMoin Cross-site scripting (XSS) vulnerability
Cross-site scripting XSS vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action...
MoinMoin Multiple cross-site scripting (XSS) vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in MoinMoin before 1.5.7 allow remote attackers to inject arbitrary web script or HTML via 1 the page info, or the page name in a 2 AttachFile, 3 RenamePage, or 4 LocalSiteMap action...
Plone credentials stored in session cookie
Plone CMS 3.1.x uses invariant data a client username and a server secret when calculating an HMAC-SHA1 value for an authentication cookie, which makes it easier for remote attackers to gain permanent access to an account by sniffing the network...
FTP backend for Duplicity Discloses Passwords to Process Listing
The FTP backend for Duplicity before 0.4.9 sends the password as a command line argument when calling ncftp, which might allow local users to read the password by listing the process and its arguments...
Plone Improper Session Management
Plone CMS before 3, places a base64 encoded form of the username and password in the ac cookie for the admin account, which makes it easier for remote attackers to obtain administrative privileges by sniffing the network...
MoinMoin Insertion of Sensitive Information into Log File
An information leak was discovered in MoinMoin's debug reporting version 1.5.7, which could expose information about the versions of software running on the host system. MoinMoin administrators can add "showtraceback=0" to their site configurations to disable debug tracebacks...
Plone CMS Improper Session Management
Plone CMS before 3 places a base64 encoded form of the username and password in the ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the network...
MoinMoin Cross-Site Scripting (XSS) vulnerability via hitcounts and general parameters
Multiple cross-site scripting XSS vulnerabilities in Info pages in MoinMoin 1.5.7 allow remote attackers to inject arbitrary web script or HTML via the 1 hitcounts and 2 general parameters, different vectors than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are...
MoinMoin Multiple cross-site scripting (XSS) vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 message, 2 pagename, and 3 target filenames. The issue was fixed on db212dfc58ef...
Zope does not properly verify the access for objects with proxy roles
Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration...
Zope does not properly perform security registration for legacy names
Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities...
Plone allows remote users to modify arbitrary portraits
Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the 1 changeMemberPortrait, 2 deletePersonalPortrait, and 3 testCurrentPassword methods, which allows remote attackers to modify portraits...
Py2Play Unpickles Untrusted Objects
Py2Play allows remote attackers to execute arbitrary Python code via pickled objects, which Py2Play unpickles and executes...
Zope Server vulnerable to DoS via header injection
Zope is a Web application server for Linux. Zope versions 2.0 through 2.5.1 b1 are vulnerable to a denial of service attack, caused by a vulnerability that occurs when using the "through the Web code" capability. A remote attacker could inject malicious headers into a response to cause the...
ZCatalog plug-in for Zope allows anonymous users to bypass access restrictions
ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes...
Zope allows attackers to modify raw image and file data
Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects...
Django Improper Access Control
The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user...
Cheetah Path Search Order Hijacking
Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules before using the paths in the PYTHONPATH variable, which allows local users to execute arbitrary code via a malicious module in /tmp/...
MoinMoin allows administrative access
MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges by creating a user with the same name as an existing group that has higher privileges...
Zope does not properly restrict access to the getRoles method
Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request...
OpenStack Nova Exposure of Sensitive Information to an Unauthorized Actor
OpenStack Nova before 2012.1 allows someone with access to an EC2ACCESSKEY equivalent to a username to obtain the EC2SECRETKEY equivalent to a password. Exposing the EC2ACCESSKEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2SECRETKEY. A...
MoinMoin Improper Access Control
Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote attackers to gain unauthorized access to administrator functions such as 1 revert and 2 delete...
Zope DTML implementation Improper Authentication
The DTML implementation in the Z Object Publishing Environment Zope allows remote attackers to conduct unauthorized activities...
Mailman Cross-site scripting (XSS) vulnerability
Cross-site scripting XSS vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the 1 email or 2 language parameters...