Vulnerabilities > Pythonpaste

DATE CVE VULNERABILITY TITLE RISK
2012-05-01 CVE-2012-0878 Permissions, Privileges, and Access Controls vulnerability in Pythonpaste Paste
Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem.
network
high complexity
pythonpaste CWE-264
5.1
2010-11-06 CVE-2010-2477 Cross-Site Scripting vulnerability in Pythonpaste Paste
Multiple cross-site scripting (XSS) vulnerabilities in the paste.httpexceptions implementation in Paste before 1.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 404 status code, related to (1) paste.urlparser.StaticURLParser, (2) paste.urlparser.PkgResourcesParser, (3) paste.urlmap.URLMap, and (4) HTTPNotFound.
4.3