<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent entries from pysec</title>
    <link>https://db.gcve.eu</link>
    <description>Contains only the 10 most recent entries.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Sun, 05 Jul 2026 12:19:30 +0000</lastBuildDate>
    <item>
      <title>pysec-2005-1</title>
      <link>https://db.gcve.eu/vuln/pysec-2005-1</link>
      <description>Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag.</description>
      <content:encoded>Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag.</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/vuln/pysec-2005-1</guid>
      <pubDate>Sat, 31 Dec 2005 05:00:00 +0000</pubDate>
    </item>
    <item>
      <title>pysec-2006-1</title>
      <link>https://db.gcve.eu/vuln/pysec-2006-1</link>
      <description>Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors.</description>
      <content:encoded>Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors.</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/vuln/pysec-2006-1</guid>
      <pubDate>Wed, 22 Feb 2006 02:02:00 +0000</pubDate>
    </item>
    <item>
      <title>pysec-2006-4</title>
      <link>https://db.gcve.eu/vuln/pysec-2006-4</link>
      <description>Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c).</description>
      <content:encoded>Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c).</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/vuln/pysec-2006-4</guid>
      <pubDate>Thu, 18 May 2006 23:02:00 +0000</pubDate>
    </item>
    <item>
      <title>pysec-2006-7</title>
      <link>https://db.gcve.eu/vuln/pysec-2006-7</link>
      <description>Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.</description>
      <content:encoded>Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/vuln/pysec-2006-7</guid>
      <pubDate>Fri, 07 Jul 2006 23:05:00 +0000</pubDate>
    </item>
    <item>
      <title>pysec-2006-2</title>
      <link>https://db.gcve.eu/vuln/pysec-2006-2</link>
      <description>Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458.</description>
      <content:encoded>Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458.</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/vuln/pysec-2006-2</guid>
      <pubDate>Fri, 21 Jul 2006 14:03:00 +0000</pubDate>
    </item>
    <item>
      <title>pysec-2006-8</title>
      <link>https://db.gcve.eu/vuln/pysec-2006-8</link>
      <description>The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458.</description>
      <content:encoded>The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458.</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/vuln/pysec-2006-8</guid>
      <pubDate>Tue, 19 Sep 2006 18:07:00 +0000</pubDate>
    </item>
    <item>
      <title>pysec-2006-5</title>
      <link>https://db.gcve.eu/vuln/pysec-2006-5</link>
      <description>Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration."</description>
      <content:encoded>Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration."</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/vuln/pysec-2006-5</guid>
      <pubDate>Fri, 29 Sep 2006 19:07:00 +0000</pubDate>
    </item>
    <item>
      <title>pysec-2006-9</title>
      <link>https://db.gcve.eu/vuln/pysec-2006-9</link>
      <description>Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration."</description>
      <content:encoded>Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration."</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/vuln/pysec-2006-9</guid>
      <pubDate>Fri, 29 Sep 2006 19:07:00 +0000</pubDate>
    </item>
    <item>
      <title>pysec-2006-3</title>
      <link>https://db.gcve.eu/vuln/pysec-2006-3</link>
      <description>Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors.</description>
      <content:encoded>Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors.</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/vuln/pysec-2006-3</guid>
      <pubDate>Tue, 14 Nov 2006 19:07:00 +0000</pubDate>
    </item>
    <item>
      <title>pysec-2006-10</title>
      <link>https://db.gcve.eu/vuln/pysec-2006-10</link>
      <description>Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when anonymous member registration is enabled, allows an attacker to "masquerade as a group."</description>
      <content:encoded>Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when anonymous member registration is enabled, allows an attacker to "masquerade as a group."</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/vuln/pysec-2006-10</guid>
      <pubDate>Thu, 07 Dec 2006 23:28:00 +0000</pubDate>
    </item>
  </channel>
</rss>
