<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://db.gcve.eu/rss/recent/pysec/10</id>
  <title>Most recent entries from pysec</title>
  <updated>2026-07-05T12:19:30.090177+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@gcve.eu</email>
  </author>
  <link href="https://db.gcve.eu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent entries.</subtitle>
  <entry>
    <id>https://db.gcve.eu/vuln/pysec-2010-13</id>
    <title>pysec-2010-13</title>
    <updated>2010-05-27T05:47:00+00:00</updated>
    <content>MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603.</content>
    <link href="https://db.gcve.eu/vuln/pysec-2010-13"/>
    <summary>MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603.</summary>
    <published>2010-03-29T20:30:00+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/vuln/pysec-2010-20</id>
    <title>pysec-2010-20</title>
    <updated>2010-10-20T04:00:00+00:00</updated>
    <content>Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote authenticated users to access arbitrary files and directories via a .. (dot dot) in a (1) LIST, (2) STOR, or (3) RETR command.</content>
    <link href="https://db.gcve.eu/vuln/pysec-2010-20"/>
    <summary>Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote authenticated users to access arbitrary files and directories via a .. (dot dot) in a (1) LIST, (2) STOR, or (3) RETR command.</summary>
    <published>2010-10-19T20:00:00+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/vuln/pysec-2010-21</id>
    <title>pysec-2010-21</title>
    <updated>2010-10-20T04:00:00+00:00</updated>
    <content>FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack.</content>
    <link href="https://db.gcve.eu/vuln/pysec-2010-21"/>
    <summary>FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack.</summary>
    <published>2010-10-19T20:00:00+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/vuln/pysec-2010-22</id>
    <title>pysec-2010-22</title>
    <updated>2010-10-20T04:00:00+00:00</updated>
    <content>pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the number of in-progress data connections by reading the response to this command.</content>
    <link href="https://db.gcve.eu/vuln/pysec-2010-22"/>
    <summary>pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the number of in-progress data connections by reading the response to this command.</summary>
    <published>2010-10-19T20:00:00+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/vuln/pysec-2010-23</id>
    <title>pysec-2010-23</title>
    <updated>2010-10-20T04:00:00+00:00</updated>
    <content>FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to cause a denial of service via a long command.</content>
    <link href="https://db.gcve.eu/vuln/pysec-2010-23"/>
    <summary>FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to cause a denial of service via a long command.</summary>
    <published>2010-10-19T20:00:00+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/vuln/pysec-2010-24</id>
    <title>pysec-2010-24</title>
    <updated>2010-10-20T04:00:00+00:00</updated>
    <content>The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does not limit the number of attempts to discover a unique filename, which might allow remote authenticated users to cause a denial of service via a STOU command.</content>
    <link href="https://db.gcve.eu/vuln/pysec-2010-24"/>
    <summary>The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does not limit the number of attempts to discover a unique filename, which might allow remote authenticated users to cause a denial of service via a STOU command.</summary>
    <published>2010-10-19T20:00:00+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/vuln/pysec-2010-25</id>
    <title>pysec-2010-25</title>
    <updated>2010-10-20T04:00:00+00:00</updated>
    <content>The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via crafted FTP data, as demonstrated by an FTP bounce attack against a NAT server, a related issue to CVE-1999-0017.</content>
    <link href="https://db.gcve.eu/vuln/pysec-2010-25"/>
    <summary>The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via crafted FTP data, as demonstrated by an FTP bounce attack against a NAT server, a related issue to CVE-1999-0017.</summary>
    <published>2010-10-19T20:00:00+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/vuln/pysec-2009-6</id>
    <title>pysec-2009-6</title>
    <updated>2017-08-17T01:30:00+00:00</updated>
    <content>Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260.</content>
    <link href="https://db.gcve.eu/vuln/pysec-2009-6"/>
    <summary>Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260.</summary>
    <published>2009-04-29T18:30:00+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/vuln/pysec-2019-113</id>
    <title>pysec-2019-113</title>
    <updated>2019-01-25T19:42:00+00:00</updated>
    <content>CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI.</content>
    <link href="https://db.gcve.eu/vuln/pysec-2019-113"/>
    <summary>CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI.</summary>
    <published>2019-01-25T04:29:00+00:00</published>
  </entry>
  <entry>
    <id>https://db.gcve.eu/vuln/pysec-2019-122</id>
    <title>pysec-2019-122</title>
    <updated>2019-01-31T18:00:00+00:00</updated>
    <content>Sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary Python code via the fixture_text argument in sqla_yaml_fixtures.load.</content>
    <link href="https://db.gcve.eu/vuln/pysec-2019-122"/>
    <summary>Sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary Python code via the fixture_text argument in sqla_yaml_fixtures.load.</summary>
    <published>2019-01-03T19:29:00+00:00</published>
  </entry>
</feed>
