Searching mod python software vulnerabilities

ActivePython ActiveX control for Python in the

ActivePython | filesystem | containing | attackers | malicious | arbitrary | Explorer | client's | AXScript | Internet | reading | prevent | package | control | ActiveX | allows | remote | Python | script | files | which | page | used | does | read | web | via | not |

ActivePython ActiveX control for Python in the AXScript package, when used in Internet Explorer, does not prevent a script from reading files from the client's filesystem, which allows remote attackers to read arbitrary files via a malicious web page containing Python script.


Unknown vulnerability in mod_python 3.0.x befor

vulnerability | mod_python | Unknown | before | 30x |

Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string.


mod_python (libapache2-mod-python) 3.1.4 and ea

mod_python |

mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.


The SimpleXMLRPCServer library module in Python

SimpleXMLRPCServer | library | before | Python | module |

The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute arbitrary code, via dotted attributes.


Microsoft Windows XP SP1 allows local users to

Microsoft | service | Windows | denial | allows | cause | local | users | SP1 |

Microsoft Windows XP SP1 allows local users to cause a denial of service (system crash) via an empty datagram to a raw IP over IP socket (IP protocol 4), as originally demonstrated using code in Python 2.3.


Eval injection vulnerability in Karrigell befor

vulnerability | Karrigell | injection | before | Eval |

Eval injection vulnerability in Karrigell before 2.1.8 allows remote attackers to execute arbitrary Python code via modified arguments to a Karrigell services (.ks) script, which can reference functions from libraries that are used by that script.


Integer overflow in pcre_compile.c in Perl Comp

pcre_compilec | Expressions | Compatible | overflow | Regular | Integer | Perl |

Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.


Py2Play allows remote attackers to execute arbi

attackers | arbitrary | unpickles | executes | objects | pickled | execute | Py2Play | remote | allows | Python | which | code | via |

Py2Play allows remote attackers to execute arbitrary Python code via pickled objects, which Py2Play unpickles and executes.


The Python SVG import plugin (diasvg_import.py)

import | plugin | Python | SVG |

The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and earlier allows user-assisted attackers to execute arbitrary commands via a crafted SVG file.


Tofu 0.2 allows remote attackers to execute arb

attackers | arbitrary | unpickles | executes | pickled | crafted | execute | objects | Python | allows | remote | which | Tofu | code | via |

Tofu 0.2 allows remote attackers to execute arbitrary Python code via crafted pickled objects, which Tofu unpickles and executes.


Stani's Python Editor (SPE) 0.7.5 is installed

Stani's | Editor | Python |

Stani's Python Editor (SPE) 0.7.5 is installed with world-writable permissions, which allows local users to gain privileges by modifying executable files.


Eval injection vulnerability in bvh_import.py i

vulnerability | bvh_importpy | injection | Blender | Eval |

Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call.


The attachment scrubber (Scrubber.py) in Mailma

attachment | scrubber |

The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary.


sudo 1.6.8 and other versions does not clear th

sudo |

sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158.


Directory traversal vulnerability in the FileSe

vulnerability | FileSession | Mod_python | Directory | traversal | module | object |

Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.


Multiple PHP remote file inclusion vulnerabilit

vulnerabilities | mambo-phpshop | inclusion | Multiple | Scroller | modules | Product | Module | remote | other | file | PHP |

Multiple PHP remote file inclusion vulnerabilities in the Product Scroller Module and other modules in mambo-phpshop (com_phpshop) for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) mod_phpshop.php, (2) mod_phpshop_allinone.php, (3) mod_phpshop_cart.php, (4) mod_phpshop_featureprod.php, (5) mod_phpshop_latestprod.php, (6) mod_product_categories.php, (7) mod_productscroller.php, and (8) mosproductsnap.php.


Buffer overflow in the repr function in Python

function | overflow | through | before | Python | Buffer | repr |

Buffer overflow in the repr function in Python 2.3 through 2.6 before Tuesday, August 22, 2006 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts.


Interpretation conflict in ModSecurity (mod_sec

Interpretation | ModSecurity | conflict |

Interpretation conflict in ModSecurity (mod_security) 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ (0x00) byte, which mod_security treats as a terminator even though it is still processed as normal data by some HTTP parsers including PHP 5.2.0, and possibly parsers in Perl, and Python.


Stack-based buffer overflow in the file_compres

file_compress | Stack-based | function | minigzip | overflow | buffer |

Stack-based buffer overflow in the file_compress function in minigzip (Modules/zlib) in Python 2.5 allows context-dependent attackers to execute arbitrary code via a long file argument.


Multiple PHP remote file inclusion vulnerabilit

vulnerabilities | config[pathMod] | inclusion | attackers | arbitrary | parameter | Multiple | indexphp | execute | earlier | remote | PMECMS | allow | file | code | PHP | via | URL |

Multiple PHP remote file inclusion vulnerabilities in PMECMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[pathMod] parameter to index.php in (1) mod/image/, (2) mod/liens/, (3) mod/liste/, (4) mod/special/, or (5) mod/texte/.


Software vulnerabilities results 1 to 20 of 219     
Page: 12345...11