National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): python
  • Search Type: Search All
There are 358 matching records.
Displaying matches 321 through 340.
Vuln ID Summary CVSS Severity
CVE-2007-1657

Stack-based buffer overflow in the file_compress function in minigzip (Modules/zlib) in Python 2.5 allows context-dependent attackers to execute arbitrary code via a long file argument.

Published: March 23, 2007; 09:19:00 PM -04:00
V2: 7.5 HIGH
CVE-2007-1359

Interpretation conflict in ModSecurity (mod_security) 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ (0x00) byte, which mod_security treats as a terminator even though it is still processed as normal data by some HTTP parsers including PHP 5.2.0, and possibly parsers in Perl, and Python.

Published: March 08, 2007; 05:19:00 PM -05:00
V2: 6.8 MEDIUM
CVE-2007-1253

Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script for Blender 0.1.9h, as used in (b) Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted (1) KML or (2) KMZ file.

Published: March 03, 2007; 03:19:00 PM -05:00
V2: 9.3 HIGH
CVE-2006-4980

Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts.

Published: October 10, 2006; 12:06:00 AM -04:00
V2: 7.5 HIGH
CVE-2006-2191

** DISPUTED ** Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is "unexploitable."

Published: September 19, 2006; 05:07:00 PM -04:00
V2: 7.5 HIGH
CVE-2006-4624

CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.

Published: September 07, 2006; 03:04:00 PM -04:00
V2: 2.6 LOW
CVE-2006-2941

Mailman before 2.1.9rc1 allows remote attackers to cause a denial of service via unspecified vectors involving "standards-breaking RFC 2231 formatted headers".

Published: September 05, 2006; 08:04:00 PM -04:00
V2: 5.0 MEDIUM
CVE-2006-3636

Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: September 05, 2006; 08:04:00 PM -04:00
V2: 6.8 MEDIUM
CVE-2006-1712

Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument.

Published: April 11, 2006; 03:06:00 PM -04:00
V2: 2.6 LOW
CVE-2006-0052

The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary.

Published: March 31, 2006; 06:06:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2006-1542

Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a "stack overflow," and possibly gain privileges, by running a script from a current working directory that has a long name, related to the realpath function. NOTE: this might not be a vulnerability. However, the fact that it appears in a programming language interpreter could mean that some applications are affected, although attack scenarios might be limited because the attacker might already need to cross privilege boundaries to cause an exploitable program to be placed in a directory with a long name; or, depending on the method that Python uses to determine the current working directory, setuid applications might be affected.

Published: March 30, 2006; 06:02:00 AM -05:00
V2: 3.7 LOW
CVE-2006-1095

Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.

Published: March 09, 2006; 08:06:00 AM -05:00
V2: 7.2 HIGH
CVE-2006-0151

sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158.

Published: January 09, 2006; 06:03:00 PM -05:00
V2: 7.2 HIGH
CVE-2005-3573

Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash).

Published: November 16, 2005; 02:42:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2005-3302

Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call.

Published: October 24, 2005; 06:02:00 AM -04:00
V2: 7.5 HIGH
CVE-2005-3291

Stani's Python Editor (SPE) 0.7.5 is installed with world-writable permissions, which allows local users to gain privileges by modifying executable files.

Published: October 23, 2005; 06:02:00 AM -04:00
V2: 4.6 MEDIUM
CVE-2005-2966

The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and earlier allows user-assisted attackers to execute arbitrary commands via a crafted SVG file.

Published: October 05, 2005; 05:02:00 PM -04:00
V2: 5.1 MEDIUM
CVE-2005-3008

Tofu 0.2 allows remote attackers to execute arbitrary Python code via crafted pickled objects, which Tofu unpickles and executes.

Published: September 21, 2005; 04:03:00 PM -04:00
V2: 7.5 HIGH
CVE-2005-2875

Py2Play allows remote attackers to execute arbitrary Python code via pickled objects, which Py2Play unpickles and executes.

Published: September 13, 2005; 07:03:00 PM -04:00
V2: 7.5 HIGH
CVE-2005-2491

Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.

Published: August 23, 2005; 12:00:00 AM -04:00
V2: 7.5 HIGH