Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allow remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket.
Multiple vulnerabilities have been found and corrected in python-django: The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL requests to expected static media files, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a crafted URL. Algorithmic complexity vulnerability in the forms library in Django 1.0 ...
A vulnerability has been found and corrected in python-django: The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL requests to expected static media files, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a crafted URL. The versions of Django shipping with Mandriva Linux have been updated to the late ...
rssh: Restricted shell allowing scp, sftp, cvs, svn, rsync or rdist. rssh could be made to run arbitrary commands if it received specially crafted input.