Lucene search
K

4602 matches found

PyPA
PyPA
added 2011/07/19 8:55 p.m.10 views

PYSEC-2011-32

Unspecified vulnerability in 1 Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and 2 PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability...

7.5CVSS5.8AI score0.03171EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2011/07/19 8:55 p.m.8 views

PYSEC-2011-25

Unspecified vulnerability in 1 Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and 2 PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability...

7.5CVSS7.3AI score0.03171EPSS
Exploits0References10Affected Software1
PyPA
PyPA
added 2011/06/06 7:55 p.m.6 views

PYSEC-2011-14

Cross-site scripting XSS vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

4.3CVSS5.9AI score0.02367EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added 2011/06/06 7:55 p.m.11 views

PYSEC-2011-16

plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011...

5.5CVSS7AI score0.01579EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2011/06/06 7:55 p.m.8 views

PYSEC-2011-15

Cross-site scripting XSS vulnerability in the safehtml filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422...

4.3CVSS6AI score0.01257EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added 2011/04/11 6:55 p.m.6 views

PYSEC-2011-18

Cross-site scripting XSS vulnerability in feedparser.py in Universal Feed Parser aka feedparser or python-feedparser before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas...

4.3CVSS6AI score0.0453EPSS
Exploits1References9Affected Software1
PyPA
PyPA
added 2011/04/11 6:55 p.m.6 views

PYSEC-2011-21

Cross-site scripting XSS vulnerability in feedparser.py in Universal Feed Parser aka feedparser or python-feedparser 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via an unexpected URI scheme, as demonstrated by a javascript: URI...

4.3CVSS6AI score0.02326EPSS
Exploits0References12Affected Software1
PyPA
PyPA
added 2011/04/11 6:55 p.m.5 views

PYSEC-2011-20

Cross-site scripting XSS vulnerability in feedparser.py in Universal Feed Parser aka feedparser or python-feedparser 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via malformed XML comments...

4.3CVSS6.1AI score0.02443EPSS
Exploits1References12Affected Software1
PyPA
PyPA
added 2011/04/11 6:55 p.m.7 views

PYSEC-2011-19

feedparser.py in Universal Feed Parser aka feedparser or python-feedparser before 5.0.1 allows remote attackers to cause a denial of service application crash via a malformed DOCTYPE declaration...

5CVSS6.8AI score0.03233EPSS
Exploits1References12Affected Software1
PyPA
PyPA
added 2011/03/14 7:55 p.m.5 views

PYSEC-2011-7

Multiple SQL injection vulnerabilities in the getuserinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the 1 user or 2 pw argument. NOTE: some of these details are obtained from third party...

7.5CVSS8.8AI score0.01796EPSS
Exploits0References15Affected Software1
PyPA
PyPA
added 2011/02/22 6:0 p.m.6 views

PYSEC-2011-6

Cross-site scripting XSS vulnerability in the reStructuredText rst parser in parser/textrst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some...

2.6CVSS6.1AI score0.02517EPSS
Exploits1References15Affected Software1
PyPA
PyPA
added 2011/02/14 9:0 p.m.11 views

PYSEC-2011-30

Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery CSRF attacks via forged AJAX requests that leverage a "combination of browser plugins...

6.8CVSS5.8AI score0.01589EPSS
Exploits1References18Affected Software1
PyPA
PyPA
added 2011/02/14 9:0 p.m.9 views

PYSEC-2011-31

Cross-site scripting XSS vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload...

4.3CVSS5.9AI score0.01774EPSS
Exploits0References18Affected Software1
PyPA
PyPA
added 2011/02/14 9:0 p.m.6 views

PYSEC-2011-10

Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery CSRF attacks via forged AJAX requests that leverage a "combination of browser plugins...

6.8CVSS6.9AI score0.01589EPSS
Exploits1References19Affected Software1
PyPA
PyPA
added 2011/02/14 9:0 p.m.6 views

PYSEC-2011-12

Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / slash character in a key in a session cookie, related to session replays...

7.5CVSS7.1AI score0.02856EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2011/02/14 9:0 p.m.6 views

PYSEC-2011-11

Cross-site scripting XSS vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload...

4.3CVSS6AI score0.01774EPSS
Exploits0References19Affected Software1
PyPA
PyPA
added 2011/02/03 5:0 p.m.6 views

PYSEC-2011-13

Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors...

7.5CVSS7.1AI score0.03171EPSS
Exploits0References11Affected Software1
PyPA
PyPA
added 2011/01/10 8:0 p.m.9 views

PYSEC-2011-29

The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a denial of service resource consumption via a URL that...

5CVSS5.8AI score0.03348EPSS
Exploits0References14Affected Software1
PyPA
PyPA
added 2011/01/10 8:0 p.m.10 views

PYSEC-2011-28

The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series...

4CVSS5.8AI score0.01697EPSS
Exploits1References18Affected Software1
PyPA
PyPA
added 2011/01/10 8:0 p.m.6 views

PYSEC-2011-9

The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a denial of service resource consumption via a URL that...

5CVSS6.9AI score0.03348EPSS
Exploits0References15Affected Software1
PyPA
PyPA
added 2011/01/10 8:0 p.m.5 views

PYSEC-2011-8

The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series...

4CVSS6.5AI score0.01697EPSS
Exploits1References19Affected Software1
PyPA
PyPA
added 2010/11/06 12:0 a.m.5 views

PYSEC-2010-29

Multiple cross-site scripting XSS vulnerabilities in the paste.httpexceptions implementation in Paste before 1.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 404 status code, related to 1 paste.urlparser.StaticURLParser, 2...

4.3CVSS5.9AI score0.02288EPSS
Exploits0References10Affected Software1
PyPA
PyPA
added 2010/10/19 8:0 p.m.5 views

PYSEC-2010-10

Memory leak in the ondtpclose function in ftpserver.py in pyftpdlib before 0.5.2 allows remote authenticated users to cause a denial of service memory consumption by sending a QUIT command during a data transfer...

4CVSS6.8AI score0.01156EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2010/10/19 8:0 p.m.5 views

PYSEC-2010-8

Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service daemon outage by establishing and then immediately closing a TCP connection, leading to the getpeername function having an ENOTCONN error, a different vulnerabilit...

4.3CVSS7AI score0.01582EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2010/10/19 8:0 p.m.5 views

PYSEC-2010-24

The ftpSTOU function in FTPServer.py in pyftpdlib before 0.2.0 does not limit the number of attempts to discover a unique filename, which might allow remote authenticated users to cause a denial of service via a STOU command...

4CVSS6.6AI score0.01156EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2010/10/19 8:0 p.m.7 views

PYSEC-2010-21

FTPServer.py in pyftpdlib before 0.2.0 does not increment the attemptedlogins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack...

7.5CVSS6.9AI score0.01354EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2010/10/19 8:0 p.m.6 views

PYSEC-2010-11

Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service daemon outage by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected value of None for the address, or ...

5CVSS7AI score0.03627EPSS
Exploits0References12Affected Software1
PyPA
PyPA
added 2010/10/19 8:0 p.m.6 views

PYSEC-2010-20

Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote authenticated users to access arbitrary files and directories via a .. dot dot in a 1 LIST, 2 STOR, or 3 RETR command...

6.5CVSS7.1AI score0.0126EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2010/10/19 8:0 p.m.6 views

PYSEC-2010-27

Race condition in ZEO/StorageServer.py in Zope Object Database ZODB before 3.10.0 allows remote attackers to cause a denial of service daemon outage by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpect...

5CVSS7AI score0.03627EPSS
Exploits0References10Affected Software1
PyPA
PyPA
added 2010/10/19 8:0 p.m.5 views

PYSEC-2010-23

FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to cause a denial of service via a long command...

5CVSS6.8AI score0.01447EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2010/10/19 8:0 p.m.6 views

PYSEC-2010-22

pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the number of in-progress data connections by reading the response to this command...

5CVSS6.6AI score0.01127EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2010/10/19 8:0 p.m.7 views

PYSEC-2010-25

The ftpPORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via...

7.5CVSS6.8AI score0.01959EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2010/10/19 8:0 p.m.5 views

PYSEC-2010-6

The ftpQUIT function in ftpserver.py in pyftpdlib before 0.5.0 allows remote authenticated users to cause a denial of service file descriptor exhaustion and daemon outage by sending a QUIT command during a disallowed data-transfer attempt...

4CVSS6.8AI score0.01375EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2010/10/19 8:0 p.m.5 views

PYSEC-2010-5

ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack...

7.5CVSS6.8AI score0.0156EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2010/10/19 8:0 p.m.8 views

PYSEC-2010-4

Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.3.0 allow remote authenticated users to access arbitrary files and directories via vectors involving a symlink in a pathname to a 1 CWD, 2 DELE, 3 STOR, or 4 RETR command...

6.5CVSS7.1AI score0.01412EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2010/10/19 8:0 p.m.6 views

PYSEC-2010-9

ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session...

4CVSS6.8AI score0.01031EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2010/10/19 8:0 p.m.8 views

PYSEC-2010-7

Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1 allows remote attackers to cause a denial of service daemon outage by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, a different...

4.3CVSS7AI score0.01582EPSS
Exploits0References11Affected Software1
PyPA
PyPA
added 2010/09/24 7:0 p.m.6 views

PYSEC-2010-31

Cross-site scripting XSS vulnerability in cgi/client.py in Roundup before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the template argument to the /issue program...

4.3CVSS6AI score0.0253EPSS
Exploits0References15Affected Software1
PyPA
PyPA
added 2010/09/14 7:0 p.m.7 views

PYSEC-2010-12

Cross-site scripting XSS vulnerability in Django 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via a csrfmiddlewaretoken aka csrftoken cookie...

4.3CVSS6AI score0.019EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2010/09/08 8:0 p.m.8 views

PYSEC-2010-33

ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows remote attackers to cause a denial of service crash of worker threads via vectors that trigger uncaught exceptions...

4.3CVSS5.8AI score0.01528EPSS
Exploits1References7
PyPA
PyPA
added 2010/09/08 8:0 p.m.6 views

PYSEC-2010-32

ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows remote attackers to cause a denial of service crash of worker threads via vectors that trigger uncaught exceptions...

4.3CVSS6.8AI score0.01528EPSS
Exploits1References9Affected Software1
PyPA
PyPA
added 2010/08/05 1:22 p.m.6 views

PYSEC-2010-17

Multiple cross-site scripting XSS vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary web script or HTML via crafted content, related to 1 action/LikePages.py, 2 action/chart.py, and 3 action/userprofile.py, a similar issue to...

4.3CVSS5.9AI score0.02657EPSS
Exploits1References14Affected Software1
PyPA
PyPA
added 2010/08/05 1:22 p.m.5 views

PYSEC-2010-16

Multiple cross-site scripting XSS vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to 1 Page.py, 2 PageEditor.py, 3 PageGraphicalEditor.py, 4 action/CopyPage.py, 5...

4.3CVSS5.9AI score0.02657EPSS
Exploits1References18Affected Software1
PyPA
PyPA
added 2010/08/05 1:22 p.m.7 views

PYSEC-2010-18

Multiple cross-site scripting XSS vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to 1 action/SlideShow.py, 2 action/anywikidraw.py, and 3 action/languagesetup.py, a similar issue to CVE-2010-2487...

4.3CVSS6AI score0.02657EPSS
Exploits1References14Affected Software1
PyPA
PyPA
added 2010/07/02 7:30 p.m.10 views

PYSEC-2010-26

Dan Pascu python-cjson 1.0.5 does not properly handle a '/' argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting XSS attacks involving Firefox and the end tag of a SCRIPT element...

4.3CVSS5.9AI score0.01343EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2010/07/02 7:0 p.m.6 views

PYSEC-2010-30

Buffer overflow in Dan Pascu python-cjson 1.0.5, when UCS-4 encoding is enabled, allows context-dependent attackers to cause a denial of service application crash or possibly have unspecified other impact via vectors involving crafted Unicode input to the cjson.encode function...

6.8CVSS7.7AI score0.01665EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2010/07/02 7:0 p.m.6 views

PYSEC-2010-1

Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting XSS protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element...

4.3CVSS5.6AI score0.01809EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2010/06/24 12:17 p.m.4 views

PYSEC-2010-19

Cross-site scripting XSS vulnerability in PortalTransforms in Plone 2.1 through 3.3.4 before hotfix 20100612 allows remote attackers to inject arbitrary web script or HTML via the safehtml transform...

4.3CVSS6AI score0.01227EPSS
Exploits0References4Affected Software1
PyPA
PyPA
added 2010/04/05 3:30 p.m.5 views

PYSEC-2010-28

Cross-site scripting XSS vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI...

3.5CVSS5.8AI score0.02243EPSS
Exploits1References19Affected Software1
PyPA
PyPA
added 2010/03/29 8:30 p.m.8 views

PYSEC-2010-13

MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603...

7.5CVSS7.1AI score0.03001EPSS
Exploits1References10Affected Software1
Total number of security vulnerabilities4602