Lucene search
K

4602 matches found

PyPA
PyPA
added 2010/02/26 7:30 p.m.7 views

PYSEC-2010-15

Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack vectors, related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured...

6.8CVSS6.9AI score0.02181EPSS
Exploits0References20Affected Software1
PyPA
PyPA
added 2010/02/26 7:30 p.m.6 views

PYSEC-2010-2

MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitize user profiles, which has unspecified impact and attack vectors...

7.5CVSS7AI score0.01897EPSS
Exploits0References12Affected Software1
PyPA
PyPA
added 2010/02/26 7:30 p.m.5 views

PYSEC-2010-3

The default configuration of cfg.packagepagesactionsexcluded in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact and attack vectors...

7.5CVSS7AI score0.01973EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2010/02/26 7:30 p.m.7 views

PYSEC-2010-14

MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of the sys.argv array in situations where the GATEWAYINTERFACE environment variable is set, which allows remote attackers to obtain sensitive information via unspecified vectors...

5CVSS6.7AI score0.01869EPSS
Exploits0References11Affected Software1
PyPA
PyPA
added 2009/12/23 9:30 p.m.8 views

PYSEC-2009-7

Multiple unspecified vulnerabilities in Trac before 0.11.6 have unknown impact and attack vectors, possibly related to 1 "policy checks in report results when using alternate formats" or 2 a "check for the 'raw' role that is missing in docutils 0.6."...

7.5CVSS7AI score0.01968EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added 2009/10/22 4:30 p.m.9 views

PYSEC-2009-18

The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings...

7.5CVSS5.8AI score0.02702EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2009/10/13 10:30 a.m.7 views

PYSEC-2009-4

Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service CPU consumption via a crafted 1 EmailField email address or 2 URLField URL that triggers a large amount of backtracking in a regular...

5CVSS6.7AI score0.03686EPSS
Exploits0References11Affected Software1
PyPA
PyPA
added 2009/09/08 6:30 p.m.9 views

PYSEC-2009-10

Unspecified vulnerability in the Zope Enterprise Objects ZEO storage-server functionality in Zope Object Database ZODB 3.8 before 3.8.3 and 3.9.x before 3.9.0c2, when certain ZEO database sharing and blob support are enabled, allows remote authenticated users to read or delete arbitrary files via...

6CVSS6.9AI score0.00971EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2009/08/26 2:24 p.m.6 views

PYSEC-2009-2

Multiple cross-site scripting XSS vulnerabilities in Buildbot 0.7.6 through 0.7.11p2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, different vulnerabilities than CVE-2009-2959...

4.3CVSS6AI score0.02265EPSS
Exploits0References10Affected Software1
PyPA
PyPA
added 2009/08/25 5:30 p.m.9 views

PYSEC-2009-1

Cross-site scripting XSS vulnerability in the waterfall web status view status/web/waterfall.py in Buildbot 0.7.6 through 0.7.11p1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6AI score0.02008EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added 2009/08/07 7:30 p.m.7 views

PYSEC-2009-9

Zope Object Database ZODB before 3.8.2, when certain Zope Enterprise Objects ZEO database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol...

7.5CVSS7.2AI score0.0286EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added 2009/08/07 7:30 p.m.8 views

PYSEC-2009-8

Unspecified vulnerability in Zope Object Database ZODB before 3.8.2, when certain Zope Enterprise Objects ZEO database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol...

6.5CVSS7.8AI score0.02163EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added 2009/08/04 4:30 p.m.7 views

PYSEC-2009-3

The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL requests to expected "static media files," which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a crafted URL...

5CVSS6.9AI score0.02265EPSS
Exploits0References10Affected Software1
PyPA
PyPA
added 2009/04/29 6:30 p.m.9 views

PYSEC-2009-6

Multiple cross-site scripting XSS vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 an AttachFile sub-action in the errormsg function or 2 multiple vectors related to package file errors in the uploadform...

4.3CVSS6AI score0.05435EPSS
Exploits2References11Affected Software1
PyPA
PyPA
added 2009/04/23 5:30 p.m.7 views

PYSEC-2009-17

The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors...

6CVSS5.9AI score0.00962EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2009/04/03 6:30 p.m.10 views

PYSEC-2009-13

MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when aclhierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937...

6.8CVSS7.1AI score0.01656EPSS
Exploits2References8Affected Software1
PyPA
PyPA
added 2009/03/30 1:30 a.m.9 views

PYSEC-2009-11

The rst parser parser/textrst.py in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors...

5CVSS6.9AI score0.01003EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2009/03/30 1:30 a.m.6 views

PYSEC-2009-5

schema.py in FormEncode for Python python-formencode 1.0 does not apply the chainedvalidators feature, which allows attackers to bypass intended access restrictions via unknown vectors...

7.5CVSS6.9AI score0.01488EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added 2009/03/30 1:30 a.m.10 views

PYSEC-2009-12

The passwordchecker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service segmentation fault and crash via unknown vectors...

5CVSS6.8AI score0.01484EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2009/02/03 11:30 a.m.8 views

PYSEC-2009-16

Heap-based buffer overflow in the qtdemuxparsesamples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins aka gst-plugins-good 0.10.9 through 0.10.11, and GStreamer Plug-ins aka gstreamer-plugins 0.8.5, might allow remote attackers to execute arbitrary code via crafted Time-to-sample aka...

9.3CVSS6.4AI score0.07147EPSS
Exploits1References22Affected Software1
PyPA
PyPA
added 2009/02/02 7:30 p.m.7 views

PYSEC-2009-15

Array index error in the qtdemuxparsesamples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins aka gst-plugins-good 0.10.9 through 0.10.11 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via crafted Sync Sample aka stss atom da...

9.3CVSS6.2AI score0.06483EPSS
Exploits1References18Affected Software1
PyPA
PyPA
added 2009/02/02 7:30 p.m.9 views

PYSEC-2009-14

Heap-based buffer overflow in the qtdemuxparsesamples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins aka gst-plugins-good 0.10.9 through 0.10.11 might allow remote attackers to execute arbitrary code via crafted Composition Time To Sample ctts atom data in a malformed QuickTime medi...

9.3CVSS6.4AI score0.07147EPSS
Exploits1References18Affected Software1
PyPA
PyPA
added 2008/12/17 6:30 p.m.9 views

PYSEC-2008-7

Unspecified vulnerability in the HTML sanitizer filter in Trac before 0.11.2 allows attackers to conduct phishing attacks via unknown attack vectors...

5CVSS6.8AI score0.0107EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2008/12/17 6:30 p.m.11 views

PYSEC-2008-6

Unspecified vulnerability in Trac before 0.11.2 allows attackers to cause a denial of service via unknown attack vectors related to "certain wiki markup."...

7.5CVSS6.7AI score0.01227EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2008/09/04 5:41 p.m.7 views

PYSEC-2008-2

The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery CSRF attacks and delete or modify data via unspecified requests...

5.8CVSS7.3AI score0.00931EPSS
Exploits0References11Affected Software1
PyPA
PyPA
added 2008/07/30 6:41 p.m.9 views

PYSEC-2008-13

Multiple cross-site scripting XSS vulnerabilities in macro/AdvancedSearch.py in moin and MoinMoin 1.6.3 and 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6AI score0.0209EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2008/07/27 10:41 p.m.7 views

PYSEC-2008-5

Cross-site scripting XSS vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

4.3CVSS6AI score0.01335EPSS
Exploits1References9Affected Software1
PyPA
PyPA
added 2008/07/27 10:41 p.m.7 views

PYSEC-2008-4

Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function...

6.1CVSS7AI score0.01834EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added 2008/06/13 7:41 p.m.8 views

PYSEC-2008-11

Exiv2 0.16 allows user-assisted remote attackers to cause a denial of service divide-by-zero and application crash via a zero value in Nikon lens information in the metadata of an image, related to "pretty printing" and the RationalValue::toLong function...

4.3CVSS6.7AI score0.01901EPSS
Exploits1References11Affected Software1
PyPA
PyPA
added 2008/05/23 3:32 p.m.7 views

PYSEC-2008-1

Cross-site scripting XSS vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request...

4.3CVSS6AI score0.01312EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2008/04/25 6:5 a.m.8 views

PYSEC-2008-12

The user form processing userform.py in MoinMoin before 1.6.3, when using ACLs or a non-empty superusers list, does not properly manage users, which allows remote attackers to gain privileges...

6.8CVSS7.2AI score0.01656EPSS
Exploits1References9Affected Software1
PyPA
PyPA
added 2008/03/24 10:44 p.m.7 views

PYSEC-2008-10

The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the 1 list, 2 display, and 3 set methods...

6.4CVSS6.9AI score0.01743EPSS
Exploits0References15Affected Software1
PyPA
PyPA
added 2008/03/24 10:44 p.m.6 views

PYSEC-2008-9

Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors, some of which may be related to cross-site scripting XSS...

4.3CVSS6.4AI score0.01486EPSS
Exploits0References14Affected Software1
PyPA
PyPA
added 2008/03/20 12:44 a.m.8 views

PYSEC-2008-14

Multiple cross-site request forgery CSRF vulnerabilities in Plone CMS 3.0.5 and 3.0.6 allow remote attackers to 1 add arbitrary accounts via the joinform page and 2 change the privileges of arbitrary groups via the prefsgroupsoverview page...

4.3CVSS7.3AI score0.00642EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2008/03/20 12:44 a.m.8 views

PYSEC-2008-15

Multiple cross-site request forgery CSRF vulnerabilities in Plone CMS 3.0.5 and 3.0.6 allow remote attackers to 1 add arbitrary accounts via the joinform page and 2 change the privileges of arbitrary groups via the prefsgroupsoverview page...

4.3CVSS5.9AI score0.00642EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2008/01/16 11:0 p.m.7 views

PYSEC-2008-8

common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool...

4.3CVSS6.6AI score0.0162EPSS
Exploits1References13Affected Software1
PyPA
PyPA
added 2008/01/12 2:46 a.m.6 views

PYSEC-2008-3

Directory traversal vulnerability in the getfilepath function in 1 lib/sessions.py in CherryPy 3.0.x up to 3.0.2, 2 filter/sessionfilter.py in CherryPy 2.1, and 3 filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write...

7.5CVSS7.1AI score0.02647EPSS
Exploits1References19Affected Software1
PyPA
PyPA
added 2007/11/07 9:46 p.m.7 views

PYSEC-2007-4

Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the 1 statusmessages or 2 linkintegrity module, which the module unpickles and executes...

7.5CVSS7.9AI score0.02187EPSS
Exploits0References12Affected Software1
PyPA
PyPA
added 2007/10/30 7:46 p.m.6 views

PYSEC-2007-1

The internationalization i18n framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USEI18N option and the i18n component are enabled, allows remote attackers to cause a denial of service memory consumption via many HTTP requests with large...

2.6CVSS6.8AI score0.01799EPSS
Exploits0References13Affected Software1
PyPA
PyPA
added 2007/03/10 10:19 p.m.8 views

PYSEC-2007-3

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors...

10CVSS7AI score0.01342EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2007/03/10 10:19 p.m.6 views

PYSEC-2007-2

Cross-site scripting XSS vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...

4.3CVSS5.9AI score0.01089EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2006/12/07 11:28 p.m.8 views

PYSEC-2006-10

Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when anonymous member registration is enabled, allows an attacker to "masquerade as a group."...

4.3CVSS5.8AI score0.00996EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2006/12/07 11:28 p.m.9 views

PYSEC-2006-6

Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when anonymous member registration is enabled, allows an attacker to "masquerade as a group."...

4.3CVSS6.9AI score0.00996EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2006/11/14 7:7 p.m.6 views

PYSEC-2006-3

Cross-site request forgery CSRF vulnerability in Edgewall Trac 0.10 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors...

7.5CVSS7AI score0.02108EPSS
Exploits0References10Affected Software1
PyPA
PyPA
added 2006/09/29 7:7 p.m.9 views

PYSEC-2006-5

Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration."...

6.4CVSS6.8AI score0.01003EPSS
Exploits0References1Affected Software1
PyPA
PyPA
added 2006/09/29 7:7 p.m.9 views

PYSEC-2006-9

Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration."...

6.4CVSS5.8AI score0.01003EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2006/09/19 6:7 p.m.6 views

PYSEC-2006-8

The docutils module in Zope Zope2 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText reST markup, which allows remote attackers to read arbitrary files via a csvtable directive, a different vulnerability than CVE-2006-3458...

5CVSS7AI score0.02378EPSS
Exploits0References11Affected Software1
PyPA
PyPA
added 2006/07/21 2:3 p.m.9 views

PYSEC-2006-2

Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text reStructuredText functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting XSS attacks, or cause a denial of service via...

6.8CVSS6.3AI score0.01864EPSS
Exploits0References10Affected Software1
PyPA
PyPA
added 2006/07/07 11:5 p.m.5 views

PYSEC-2006-7

Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 Zope2 does not disable the "raw" command when providing untrusted users with restructured text reStructuredText functionality from docutils, which allows local users to read arbitrary files...

2.1CVSS6.7AI score0.00422EPSS
Exploits0References13Affected Software1
PyPA
PyPA
added 2006/05/18 11:2 p.m.5 views

PYSEC-2006-4

Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via 1 the asfreadheader function in the ASF plugin plugins/asfextractor.c, and 2 the parsetrakatom function in the QT plugin plugins/qtextractor.c...

4CVSS8.2AI score0.0892EPSS
Exploits1References18Affected Software1
Total number of security vulnerabilities4602