Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python python 2.1 vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2015-5082
Endian Firewall prior to 3.0 allows remote malicious users to execute arbitrary commands via shell metacharacters in the (1) NEW_PASSWORD_1 or (2) NEW_PASSWORD_2 parameter to cgi-bin/chpasswd.cgi.
Endian Firewall Endian Firewall
3 EDB exploits
8.5
CVSSv2
CVE-2012-5487
The sandbox whitelisting function (allowmodule.py) in Plone prior to 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.
Plone Plone 1.0
Plone Plone 1.0.1
Plone Plone 1.0.2
Plone Plone 2.1.2
Plone Plone 2.1.3
Plone Plone 2.1.4
Plone Plone 2.5
Plone Plone 3.1.1
Plone Plone 3.1.2
Plone Plone 3.1.3
Plone Plone 3.1.4
Plone Plone 4.0
Plone Plone 4.0.1
Plone Plone 4.0.2
Plone Plone 4.0.3
Plone Plone 4.2
Plone Plone 4.2.0.1
Plone Plone 4.2.1.1
Plone Plone 4.2.1
Plone Plone 2.0
Plone Plone 2.0.1
Plone Plone 2.0.2
8.5
CVSSv2
CVE-2012-5493
gtbn.py in Plone prior to 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors.
Plone Plone 4.3
Plone Plone
Plone Plone 4.2.1
Plone Plone 4.2.1.1
Plone Plone 4.0.6.1
Plone Plone 4.0.5
Plone Plone 4.0.4
Plone Plone 4.0.3
Plone Plone 3.1.7
Plone Plone 3.1.6
Plone Plone 3.1.5.1
Plone Plone 3.1.4
Plone Plone 2.5.3
Plone Plone 4.2
Plone Plone 3.3.4
Plone Plone 3.3.3
Plone Plone 3.3.2
Plone Plone 3.3.1
Plone Plone 3.3
Plone Plone 3.0.6
Plone Plone 3.0.5
Plone Plone 3.0.4
7.5
CVSSv2
CVE-2019-14234
An issue exists in Django 1.11.x prior to 1.11.23, 2.1.x prior to 2.1.11, and 2.2.x prior to 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, w...
Djangoproject Django
Fedoraproject Fedora 30
Debian Debian Linux 9.0
Debian Debian Linux 10.0
2 Github repositories
7.5
CVSSv2
CVE-2018-7753
An issue exists in Bleach 2.1.x prior to 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide throu...
Mozilla Bleach 2.1
Mozilla Bleach 2.1.2
Mozilla Bleach 2.1.1
7.5
CVSSv2
CVE-2016-10033
The mailSend function in the isMail transport in PHPMailer prior to 5.2.18 might allow remote malicious users to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
Phpmailer Project Phpmailer
Wordpress Wordpress
Joomla Joomla\\!
9 EDB exploits
120 Github repositories
7.5
CVSSv2
CVE-2016-0718
Expat allows context-dependent malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
Mozilla Firefox
Apple Mac Os X
Suse Linux Enterprise Server 11
Suse Studio Onsite 1.3
Suse Linux Enterprise Software Development Kit 11
Suse Linux Enterprise Debuginfo 11
Opensuse Leap 42.1
Suse Linux Enterprise Software Development Kit 12
Suse Linux Enterprise Server 12
Suse Linux Enterprise Desktop 12
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Libexpat Project Libexpat
Debian Debian Linux 8.0
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Mcafee Policy Auditor
Python Python
1 Article
7.5
CVSSv2
CVE-2008-0252
Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote malicious users to create or delete arbitrary files, a...
Cherrypy Cherrypy
7.5
CVSSv2
CVE-2005-2483
Eval injection vulnerability in Karrigell prior to 2.1.8 allows remote malicious users to execute arbitrary Python code via modified arguments to a Karrigell services (.ks) script, which can reference functions from libraries that are used by that script.
Karrigell Karrigell 2.0.3
Karrigell Karrigell 2.0.4
Karrigell Karrigell 2.1.4
Karrigell Karrigell 2.1.5
Karrigell Karrigell 2.0.5
Karrigell Karrigell 2.0 Beta
Karrigell Karrigell 2.0.1
Karrigell Karrigell 2.0.2
Karrigell Karrigell 2.1.2
Karrigell Karrigell 2.1.3
Karrigell Karrigell 2.0
Karrigell Karrigell 2.1
Karrigell Karrigell 2.1.1
1 EDB exploit
7.5
CVSSv2
CVE-2005-0088
The publisher handler for mod_python 2.7.8 and previous versions allows remote malicious users to obtain access to restricted objects via a crafted URL.
Apache Mod Python 1.9a
Apache Mod Python 2.0
Apache Mod Python 2.6
Apache Mod Python 2.6.1
Apache Mod Python 2.7.3
Apache Mod Python 2.7.4
Apache Mod Python 2.7.5
Apache Mod Python 2.1
Apache Mod Python 2.2
Apache Mod Python 2.6.2
Apache Mod Python 2.6.3
Apache Mod Python 2.7.6
Apache Mod Python 2.7.7
Apache Mod Python 2.3
Apache Mod Python 2.4
Apache Mod Python 2.6.4
Apache Mod Python 2.7
Apache Mod Python
Apache Mod Python 2.4.1
Apache Mod Python 2.5
Apache Mod Python 2.7.1
Apache Mod Python 2.7.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »