Pyplate 0.08

CPE Details

2014-08-07 13h56 +00:00
2014-08-08 19h02 +00:00

CPE Name: cpe:2.3:a:pyplate:pyplate:0.08:*:*:*:*:*:*:*

Information

Vendor: pyplate
Product: pyplate
Version: 0.08

Related CVE

| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| CVE-2014-3851 | 2014-08-07 08h00 +00:00 | usr/lib/cgi-bin/create_passwd_file.py in Pyplate 0.08 uses world-readable permissions for passwd.db, which allows local users to obtain the administrator password by reading this file. | 2.1 | |
| CVE-2014-3852 | 2014-08-07 08h00 +00:00 | Pyplate 0.08 does not include the HTTPOnly flag in a Set-Cookie header for the id cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | 5 | |
| CVE-2014-3853 | 2014-08-07 08h00 +00:00 | Pyplate 0.08 does not set the secure flag for the id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 5 | |
| CVE-2014-3854 | 2014-08-07 08h00 +00:00 | Cross-site request forgery (CSRF) vulnerability in admin/addScript.py in Pyplate 0.08 allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the title parameter. | 6.8 | |
| CVE-2014-3855 | 2014-08-07 08h00 +00:00 | Directory traversal vulnerability in download.py in Pyplate 0.08 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | 5 | |