python software vulnerabilities
vulnerabilities.aspcode.net
Searching python software vulnerabilities
ActivePython ActiveX control for Python in the AXScript package, when used in Internet Explorer, does not prevent a script from reading files from the client's filesystem, which allows remote attackers to read arbitrary files via a malicious web page containing Python script.
Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string.
The publisher handler for mod_python 2.7.8 and earlier allows remote attackers to obtain access to restricted objects via a crafted URL.
The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute arbitrary code, via dotted attributes.
Microsoft Windows XP SP1 allows local users to cause a denial of service (system crash) via an empty datagram to a raw IP over IP socket (IP protocol 4), as originally demonstrated using code in Python 2.3.
Eval injection vulnerability in Karrigell before 2.1.8 allows remote attackers to execute arbitrary Python code via modified arguments to a Karrigell services (.ks) script, which can reference functions from libraries that are used by that script.
Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
Py2Play allows remote attackers to execute arbitrary Python code via pickled objects, which Py2Play unpickles and executes.
The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and earlier allows user-assisted attackers to execute arbitrary commands via a crafted SVG file.
Tofu 0.2 allows remote attackers to execute arbitrary Python code via crafted pickled objects, which Tofu unpickles and executes.
Stani's Python Editor (SPE) 0.7.5 is installed with world-writable permissions, which allows local users to gain privileges by modifying executable files.
Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call.
The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary.
sudo 1.6.8 and other versions do not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158.
Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
Buffer overflow in the repr function in Python 2.3 through 2.6 before Tuesday, August 22, 2006 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts.
Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script for Blender 0.1.9h, as used in (b) Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted (1) KML or (2) KMZ file.
Stack-based buffer overflow in the file_compress function in minigzip (Modules/zlib) in Python 2.5 allows context-dependent attackers to execute arbitrary code via a long file argument.
Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
Software vulnerabilities results 1 to 20 of 24