Ubuntu 16.04 ESM : Python vulnerabilities (USN-5083-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5083-1 advisory. It was discovered that Python incorrectly handled certain RFCs. An attacker could possibly use this issue to cause a denial of service. This issue only...

CVE-2021-3733

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client such as web browser connects to, could trigger a Regular Expression Denial of Service ReDOS during an authentication request with a specially crafted payload that is sen...

CVE-2021-3737

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability...

CVE-2021-3737

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability...

RestSharp 安全漏洞

RestSharp is open source a .NET HTTP client library . NET HTTP client library with automatic serialization and deserialization, request and response type detection. A security vulnerability exists in RestSharp 106.11.8-alpha.0.13, which can be exploited by attackers to trigger a denial of service...

Huawei EulerOS: Security Advisory for python (EulerOS-SA-2021-2096)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2021-0298 Updated java-openjdk packages fix security vulnerabilities

For java-1.8.0 Security fixes - JDK-8227467: Better class method invocations - JDK-8244473: Contextualize registration for JNDI - JDK-8244543: Enhanced handling of abstract classes - JDK-8249906, CVE-2021-2163: Enhance opening JARs - JDK-8250568, CVE-2021-2161: Less ambiguous processing -...

rConfig Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'rConfig Vendors Auth File Upload RCE', 'Description' = %q This module allows an attacker with a privileged rConfig account to start a reverse she...

Huawei Data Communication: The client ssl-verify peer is not configured on the HTTP client

Checks if setting Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

Debian DLA-2686-1 : python-urllib3 - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2686 advisory. Several vulnerabilities were discovered in python-urllib3, a HTTP client for Python. CVE-2018-20060 Urllib3 does not remove the Authorization HTTP header when...

Debian: Security Advisory (DLA-2686-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 2686-1] python-urllib3 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2686-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA June 15, 2021 https://wiki.debian.org/LTS -...

HashiCorp Nomad Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HashiCorp Nomad Remote Command Execution', 'Description' = %q Create a batch job on HashiCorp's Nomad service to spawn a shell. The default optio...

NSClient++ 0.5.2.35 Remote Code Execution Exploit

This Metasploit module allows an attacker with knowledge of the admin password of NSClient++ to start a privileged shell. For this module to work, both web interface of NSClient++ and ExternalScripts feature should be enabled. This module requires Metasploit: https://metasploit.com/download Curre...

Cacti 1.2.12 SQL Injection / Remote Command Execution Exploit

This Metasploit module exploits a SQL injection vulnerability in Cacti versions 1.2.12 and below. An admin can exploit the filter variable within color.php to pull arbitrary values as well as conduct stacked queries. With stacked queries, the pathphpbinary value is changed within the settings tab...

RHEL 8 : Red Hat OpenStack Platform 16.1.6 (python-httplib2) (RHSA-2021:2116)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:2116 advisory. A comprehensive HTTP client library that supports many features left out of other HTTP libraries. Security Fixes: CRLF injection via an...

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1.6 (python-httplib2) security update

An update for python-httplib2 is now available for Red Hat OpenStack Platform 16.1 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

python: CRLF injection via HTTP request method in httplib/http.client

A flaw was found in Python. The built-in modules httplib and http.client included in Python 2 and Python 3, respectively do not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation to the request by injecting additional HTTP headers. The highest threat fr...

Citrix ADC (NetScaler) Directory Traversal RCE

This module exploits a directory traversal in Citrix Application Delivery Controller ADC, aka NetScaler, and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0, to execute an arbitrary command payload. Module Options msf use exploit/freebsd/http/citrixdirtraversalrce msf exploitcitrixdirtraversalrce show...

GO-2021-0081 Insufficiently Protected Credentials in github.com/containers/image

The HTTP client used to connect to the container registry authorization service explicitly disables TLS verification, allowing an attacker that is able to MITM the connection to steal credentials...