71 matches found
EUVD-2023-2766
Malicious code in bioql PyPI...
EUVD-2024-2849
Malicious code in bioql PyPI...
EUVD-2024-3447
Malicious code in bioql PyPI...
EUVD-2024-0283
Malicious code in bioql PyPI...
CVE-2024-45595
D-Tale is a visualizer for Pandas data structures. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.14.1 where the "Custom Filter" input is turned off by default...
CVE-2024-55890
D-Tale is a visualizer for pandas data structures. Prior to version 3.16.1, users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.16.1 where the update-settings endpoint blocks the ability...
CVE-2023-46134
D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to version 3.7.0, users hosting D-Tale publicly can be vulnerable to remote code execution, allowing attackers to run malicious code on the server. This issue has been patched in...
GHSA-GJXM-X497-4H6H Duplicate Advisory: D-Tale Command Injection vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-832w-fhmw-w4f4. This link is maintained to preserve external references. Original Description A vulnerability in man-group/dtale versions 3.15.1 allows an attacker to override global state settings to enable the...
Duplicate Advisory: D-Tale Command Injection vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-832w-fhmw-w4f4. This link is maintained to preserve external references. Original Description A vulnerability in man-group/dtale versions 3.15.1 allows an attacker to override global state settings to enable the...
D Tale 3.15.1 Remote Command Execution
D Tale version 3.15.1 proof of concept remote command execution exploit. ============================================================================================================================================= | Title : D Tale v3.15.1 PHP code execution vulnerability | | Author : indoushka |...
D Tale 3.10.0 Remote Command Execution
D Tale version 3.10.0 proof of concept remote command execution exploit. ============================================================================================================================================= | Title : D Tale v3.10.0 PHP code execution vulnerability | | Author : indoushka |...
D-Tale RCE
This exploit effectively serves as a bypass for CVE-2024-3408. An attacker can override global state to enable custom filters, which then facilitates remote code execution. Specifically, this vulnerability leverages the ability to manipulate global application settings to activate the...
D-Tale Remote Code Execution
This exploit effectively serves as a bypass for CVE-2024-3408. An attacker can override global state to enable custom filters, which then facilitates remote code execution. Specifically, this vulnerability leverages the ability to manipulate global application settings to activate the...
CVE-2024-21642
D-Tale is a visualizer for Pandas data structures. Users hosting versions D-Tale prior to 3.9.0 publicly can be vulnerable to server-side request forgery SSRF, allowing attackers to access files on the server. Users should upgrade to version 3.9.0, where the Load From the Web input is turned off ...
Remote Code Execution (RCE)
D-Tale is vulnerable to Remote Code Execution RCE. The vulnerability is due to the ability for users to update the enablecustomfilters flag through the update-settings endpoint, allowing attackers to run malicious code on the server...
GHSA-832W-FHMW-W4F4 D-Tale allows Remote Code Execution through the Custom Filter Input
Impact Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Patches Users should upgrade to version 3.16.1 where the update-settings endpoint blocks the ability for users to update the enablecustomfilters flag. You can fi...
CVE-2024-55890
D-Tale is a visualizer for pandas data structures. Prior to version 3.16.1, users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.16.1 where the update-settings endpoint blocks the ability...
CVE-2024-55890 D-Tale allows Remote Code Execution through the Custom Filter Input
D-Tale is a visualizer for pandas data structures. Prior to version 3.16.1, users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.16.1 where the update-settings endpoint blocks the ability...
CVE-2024-55890 D-Tale allows Remote Code Execution through the Custom Filter Input
D-Tale is a visualizer for pandas data structures. Prior to version 3.16.1, users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.16.1 where the update-settings endpoint blocks the ability...
CVE-2024-55890
D‑Tale (Python package for Visualizing Pandas objects) prior to v3.16.1 is vulnerable to remote code execution when hosted publicly. The issue stems from the update-settings endpoint allowing an attacker to modify the enable_custom_filters flag, enabling arbitrary code execution on the server. Th...