<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent entries from pysec</title>
    <link>https://db.gcve.eu</link>
    <description>Contains only the 10 most recent entries.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Sun, 05 Jul 2026 12:19:30 +0000</lastBuildDate>
    <item>
      <title>pysec-2010-13</title>
      <link>https://db.gcve.eu/vuln/pysec-2010-13</link>
      <description>MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603.</description>
      <content:encoded>MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603.</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/vuln/pysec-2010-13</guid>
      <pubDate>Mon, 29 Mar 2010 20:30:00 +0000</pubDate>
    </item>
    <item>
      <title>pysec-2010-20</title>
      <link>https://db.gcve.eu/vuln/pysec-2010-20</link>
      <description>Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote authenticated users to access arbitrary files and directories via a .. (dot dot) in a (1) LIST, (2) STOR, or (3) RETR command.</description>
      <content:encoded>Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote authenticated users to access arbitrary files and directories via a .. (dot dot) in a (1) LIST, (2) STOR, or (3) RETR command.</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/vuln/pysec-2010-20</guid>
      <pubDate>Tue, 19 Oct 2010 20:00:00 +0000</pubDate>
    </item>
    <item>
      <title>pysec-2010-21</title>
      <link>https://db.gcve.eu/vuln/pysec-2010-21</link>
      <description>FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack.</description>
      <content:encoded>FTPServer.py in pyftpdlib before 0.2.0 does not increment the attempted_logins count for a USER command that specifies an invalid username, which makes it easier for remote attackers to obtain access via a brute-force attack.</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/vuln/pysec-2010-21</guid>
      <pubDate>Tue, 19 Oct 2010 20:00:00 +0000</pubDate>
    </item>
    <item>
      <title>pysec-2010-22</title>
      <link>https://db.gcve.eu/vuln/pysec-2010-22</link>
      <description>pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the number of in-progress data connections by reading the response to this command.</description>
      <content:encoded>pyftpdlib before 0.1.1 does not choose a random value for the port associated with the PASV command, which makes it easier for remote attackers to obtain potentially sensitive information about the number of in-progress data connections by reading the response to this command.</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/vuln/pysec-2010-22</guid>
      <pubDate>Tue, 19 Oct 2010 20:00:00 +0000</pubDate>
    </item>
    <item>
      <title>pysec-2010-23</title>
      <link>https://db.gcve.eu/vuln/pysec-2010-23</link>
      <description>FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to cause a denial of service via a long command.</description>
      <content:encoded>FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to cause a denial of service via a long command.</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/vuln/pysec-2010-23</guid>
      <pubDate>Tue, 19 Oct 2010 20:00:00 +0000</pubDate>
    </item>
    <item>
      <title>pysec-2010-24</title>
      <link>https://db.gcve.eu/vuln/pysec-2010-24</link>
      <description>The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does not limit the number of attempts to discover a unique filename, which might allow remote authenticated users to cause a denial of service via a STOU command.</description>
      <content:encoded>The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does not limit the number of attempts to discover a unique filename, which might allow remote authenticated users to cause a denial of service via a STOU command.</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/vuln/pysec-2010-24</guid>
      <pubDate>Tue, 19 Oct 2010 20:00:00 +0000</pubDate>
    </item>
    <item>
      <title>pysec-2010-25</title>
      <link>https://db.gcve.eu/vuln/pysec-2010-25</link>
      <description>The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via crafted FTP data, as demonstrated by an FTP bounce attack against a NAT server, a related issue to CVE-1999-0017.</description>
      <content:encoded>The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via crafted FTP data, as demonstrated by an FTP bounce attack against a NAT server, a related issue to CVE-1999-0017.</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/vuln/pysec-2010-25</guid>
      <pubDate>Tue, 19 Oct 2010 20:00:00 +0000</pubDate>
    </item>
    <item>
      <title>pysec-2009-6</title>
      <link>https://db.gcve.eu/vuln/pysec-2009-6</link>
      <description>Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260.</description>
      <content:encoded>Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260.</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/vuln/pysec-2009-6</guid>
      <pubDate>Wed, 29 Apr 2009 18:30:00 +0000</pubDate>
    </item>
    <item>
      <title>pysec-2019-113</title>
      <link>https://db.gcve.eu/vuln/pysec-2019-113</link>
      <description>CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI.</description>
      <content:encoded>CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI.</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/vuln/pysec-2019-113</guid>
      <pubDate>Fri, 25 Jan 2019 04:29:00 +0000</pubDate>
    </item>
    <item>
      <title>pysec-2019-122</title>
      <link>https://db.gcve.eu/vuln/pysec-2019-122</link>
      <description>Sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary Python code via the fixture_text argument in sqla_yaml_fixtures.load.</description>
      <content:encoded>Sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary Python code via the fixture_text argument in sqla_yaml_fixtures.load.</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/vuln/pysec-2019-122</guid>
      <pubDate>Thu, 03 Jan 2019 19:29:00 +0000</pubDate>
    </item>
  </channel>
</rss>
