National Vulnerability Database

Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): python
  • Search Type: Search All
There are 347 matching records.
Displaying matches 321 through 340.
Vuln ID Summary CVSS Severity
CVE-2006-1095

Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.

Published: March 09, 2006; 08:06:00 AM -05:00
V2: 7.2 HIGH
CVE-2006-0151

sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158.

Published: January 09, 2006; 06:03:00 PM -05:00
V2: 7.2 HIGH
CVE-2005-3573

Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash).

Published: November 16, 2005; 02:42:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2005-3302

Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call.

Published: October 24, 2005; 06:02:00 AM -04:00
V2: 7.5 HIGH
CVE-2005-3291

Stani's Python Editor (SPE) 0.7.5 is installed with world-writable permissions, which allows local users to gain privileges by modifying executable files.

Published: October 23, 2005; 06:02:00 AM -04:00
V2: 4.6 MEDIUM
CVE-2005-2966

The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and earlier allows user-assisted attackers to execute arbitrary commands via a crafted SVG file.

Published: October 05, 2005; 05:02:00 PM -04:00
V2: 5.1 MEDIUM
CVE-2005-3008

Tofu 0.2 allows remote attackers to execute arbitrary Python code via crafted pickled objects, which Tofu unpickles and executes.

Published: September 21, 2005; 04:03:00 PM -04:00
V2: 7.5 HIGH
CVE-2005-2875

Py2Play allows remote attackers to execute arbitrary Python code via pickled objects, which Py2Play unpickles and executes.

Published: September 13, 2005; 07:03:00 PM -04:00
V2: 7.5 HIGH
CVE-2005-2491

Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.

Published: August 23, 2005; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2005-2483

Eval injection vulnerability in Karrigell before 2.1.8 allows remote attackers to execute arbitrary Python code via modified arguments to a Karrigell services (.ks) script, which can reference functions from libraries that are used by that script.

Published: August 07, 2005; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2005-1632

Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules before using the paths in the PYTHONPATH variable, which allows local users to execute arbitrary code via a malicious module in /tmp/.

Published: May 17, 2005; 12:00:00 AM -04:00
V2: 7.2 HIGH
CVE-2005-0088

The publisher handler for mod_python 2.7.8 and earlier allows remote attackers to obtain access to restricted objects via a crafted URL.

Published: May 02, 2005; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2005-0089

The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute arbitrary code, via dotted attributes.

Published: May 02, 2005; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2005-0852

Microsoft Windows XP SP1 allows local users to cause a denial of service (system crash) via an empty datagram to a raw IP over IP socket (IP protocol 4), as originally demonstrated using code in Python 2.3.

Published: May 02, 2005; 12:00:00 AM -04:00
V2: 2.1 LOW
CVE-2004-2680

mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.

Published: December 31, 2004; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2004-0412

Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server.

Published: August 18, 2004; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2004-0150

Buffer overflow in the getaddrinfo function in Python 2.2 before 2.2.2, when IPv6 support is disabled, allows remote attackers to execute arbitrary code via an IPv6 address that is obtained using DNS.

Published: April 15, 2004; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2003-0991

Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands.

Published: March 03, 2004; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2004-0096

Unknown vulnerability in mod_python 2.7.9 allows remote attackers to cause a denial of service (httpd crash) via a certain query string, a variant of CAN-2003-0973.

Published: March 03, 2004; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2003-0965

Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities.

Published: February 17, 2004; 12:00:00 AM -05:00
V2: 6.8 MEDIUM