<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://db.gcve.eu/rss/recent/pysec/10</id>
  <title>Most recent entries from pysec</title>
  <updated>2026-07-05T12:19:30.187788+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@gcve.eu</email>
  </author>
  <link href="https://db.gcve.eu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent entries.</subtitle>
  <entry>
    <id>https://db.gcve.eu/vuln/pysec-2005-1</id>
    <title>pysec-2005-1</title>
    <updated>2021-07-16T01:31:33.917972+00:00</updated>
    <content>Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag.</content>
    <link href="https://db.gcve.eu/vuln/pysec-2005-1"/>
    <summary>Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag.</summary>
    <published>2005-12-31T05:00:00+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/vuln/pysec-2006-1</id>
    <title>pysec-2006-1</title>
    <updated>2021-07-05T00:01:17.388273+00:00</updated>
    <content>Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors.</content>
    <link href="https://db.gcve.eu/vuln/pysec-2006-1"/>
    <summary>Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors.</summary>
    <published>2006-02-22T02:02:00+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/vuln/pysec-2006-4</id>
    <title>pysec-2006-4</title>
    <updated>2024-11-25T22:09:33.909779+00:00</updated>
    <content>Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c).</content>
    <link href="https://db.gcve.eu/vuln/pysec-2006-4"/>
    <summary>Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c).</summary>
    <published>2006-05-18T23:02:00+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/vuln/pysec-2006-7</id>
    <title>pysec-2006-7</title>
    <updated>2024-11-21T14:23:03.576588+00:00</updated>
    <content>Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.</content>
    <link href="https://db.gcve.eu/vuln/pysec-2006-7"/>
    <summary>Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.</summary>
    <published>2006-07-07T23:05:00+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/vuln/pysec-2006-2</id>
    <title>pysec-2006-2</title>
    <updated>2021-07-16T01:31:33.987147+00:00</updated>
    <content>Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458.</content>
    <link href="https://db.gcve.eu/vuln/pysec-2006-2"/>
    <summary>Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458.</summary>
    <published>2006-07-21T14:03:00+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/vuln/pysec-2006-8</id>
    <title>pysec-2006-8</title>
    <updated>2024-11-21T14:23:03.633470+00:00</updated>
    <content>The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458.</content>
    <link href="https://db.gcve.eu/vuln/pysec-2006-8"/>
    <summary>The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458.</summary>
    <published>2006-09-19T18:07:00+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/vuln/pysec-2006-5</id>
    <title>pysec-2006-5</title>
    <updated>2026-07-01T20:23:00.407119+00:00</updated>
    <content>Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration."</content>
    <link href="https://db.gcve.eu/vuln/pysec-2006-5"/>
    <summary>Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration."</summary>
    <published>2006-09-29T19:07:00+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/vuln/pysec-2006-9</id>
    <title>pysec-2006-9</title>
    <updated>2026-04-23T00:35:47.467000+00:00</updated>
    <content>Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration."</content>
    <link href="https://db.gcve.eu/vuln/pysec-2006-9"/>
    <summary>Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration."</summary>
    <published>2006-09-29T19:07:00+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/vuln/pysec-2006-3</id>
    <title>pysec-2006-3</title>
    <updated>2021-07-16T01:31:34.062903+00:00</updated>
    <content>Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors.</content>
    <link href="https://db.gcve.eu/vuln/pysec-2006-3"/>
    <summary>Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors.</summary>
    <published>2006-11-14T19:07:00+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/vuln/pysec-2006-10</id>
    <title>pysec-2006-10</title>
    <updated>2026-04-23T00:35:47.467000+00:00</updated>
    <content>Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when anonymous member registration is enabled, allows an attacker to "masquerade as a group."</content>
    <link href="https://db.gcve.eu/vuln/pysec-2006-10"/>
    <summary>Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when anonymous member registration is enabled, allows an attacker to "masquerade as a group."</summary>
    <published>2006-12-07T23:28:00+00:00</published>
  </entry>
</feed>
