Pyplate 0.08

CPE Details

2014-08-07 13h56 +00:00
2014-08-08 19h02 +00:00

CPE Name: cpe:2.3:a:pyplate:pyplate:0.08:*:*:*:*:*:*:*

Information

Vendor: pyplate

Product: pyplate

Version: 0.08

Related CVE

| CVE ID | Published | Description | Score | Severity |
| --- | --- | --- | --- | --- |
| CVE-2014-3851 | 2014-08-07 08h00 +00:00 | usr/lib/cgi-bin/create_passwd_file.py in Pyplate 0.08 uses world-readable permissions for passwd.db, which allows local users to obtain the administrator password by reading this file. | 2.1 | |
| CVE-2014-3852 | 2014-08-07 08h00 +00:00 | Pyplate 0.08 does not include the HTTPOnly flag in a Set-Cookie header for the id cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | 5 | |
| CVE-2014-3853 | 2014-08-07 08h00 +00:00 | Pyplate 0.08 does not set the secure flag for the id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 5 | |
| CVE-2014-3854 | 2014-08-07 08h00 +00:00 | Cross-site request forgery (CSRF) vulnerability in admin/addScript.py in Pyplate 0.08 allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the title parameter. | 6.8 | |
| CVE-2014-3855 | 2014-08-07 08h00 +00:00 | Directory traversal vulnerability in download.py in Pyplate 0.08 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | 5 | |