471 matches found

Tenable Nessus
added 2023/09/27 12:00 a.m., 32 views

Amazon Linux 2 : python38 (ALASPYTHON3.8-2023-009)

The version of python38 installed on the remote host is prior to 3.8.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PYTHON3.8-2023-009 advisory. The CryptProtectMemory function in cng.sys aka the Cryptography Next Generation driver in the kernel-mode driver...

CVSS 9.8, AI score 7.2, EPSS 0.02048
Exploits: 2, References: 8

GitHub Security Blog
added 2023/09/21 5:16 p.m., 31 views

plone.restapi vulnerable to Stored Cross Site Scripting with SVG image in user portrait

Impact There is a stored cross site scripting vulnerability for SVG images uploaded in user portraits. Note that a page that uses an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first ne...

CVSS 5.4, AI score 6.3, EPSS 0.00321
Exploits: 1, References: 4, Affected Software: 1

OpenVAS
added 2023/09/16 12:00 a.m., 7 views

Fedora: Security Advisory for python3-docs (FEDORA-2023-aeb32a843f)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0, References: 2

OpenVAS
added 2023/09/13 12:00 a.m., 8 views

Fedora: Security Advisory for python3-docs (FEDORA-2023-3d13b093d2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0, References: 2

Kitploit
added 2023/09/11 11:30 a.m., 17 views

Moniorg - Tool That Leverages Crt.Sh Website To Monitor Domains Of A Target

By looking through CT logs, an attacker can gather a lot of information about an organization's infrastructure, i.e. internal domains, email addresses, in a completely passive manner. moniorg leverages certificate transparency logs to monitor for newly issued domains based on organization field in their S...

AI score 6.8
Exploits: 0, References: 3

Fedora
added 2023/09/11 1:17 a.m., 13 views

[SECURITY] Fedora 38 Update: python3-docs-3.11.5-1.fc38

The python3-docs package contains documentation on the Python 3 programming language and interpreter...

AI score 7.1
Exploits: 0

Kitploit
added 2023/09/10 11:30 a.m., 25 views

HTTP-Shell - MultiPlatform HTTP Reverse Shell

HTTP-Shell is a multiplatform reverse shell. This tool helps you to obtain a shell-like interface on a reverse connection over HTTP. Unlike other reverse shells, the main goal of the tool is to use it in conjunction with Microsoft Dev Tunnels, in order to get a connection as close as possible to a...

AI score 7.3
Exploits: 0, References: 1

Tenable Nessus
added 2023/09/07 12:00 a.m., 34 views

Oracle Linux 8 : python3 (ELSA-2020-1764)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1764 advisory. - Security fix for CVE-2019-16056 Resolves: rhbz1750776 - Security fix for CVE-2018-20852 Resolves: rhbz1741553 Tenable has extracted the preceding...

CVSS 7.5, AI score 7.4, EPSS 0.01665
Exploits: 1, References: 3

Amazon
added 2023/09/05 12:00 a.m., 41 views

Important: python3

Issue Overview: An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP servers that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer...

CVSS 5.3, AI score 7.9, EPSS 0.00581
Exploits: 0

GithubExploit
added 2023/08/24 8:57 p.m., 679 views

Exploit for Classic Buffer Overflow in Raidenftpd

CVE-2023-39063 This repository contains an exploit for the vul...

CVSS 7.8, AI score 7.9, EPSS 0.01533
Exploits: 2

OSV
added 2023/08/18 11:05 a.m., 4 views

OESA-2023-1519 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

CVSS 9.8, AI score 6.9, EPSS 0.89361
Exploits: 3, References: 2

Tenable Nessus
added 2023/06/25 12:00 a.m., 29 views

Rocky Linux 8 : python3 (RLSA-2023:3591)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:3591 advisory. - An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank...

CVSS 7.5, AI score 7.4, EPSS 0.01445
Exploits: 3, References: 3

0day.today
added 2023/06/12 12:00 a.m., 299 views

Thruk Monitoring Web Interface 3.06 - Path Traversal Exploit

Exploit Title: Thruk Monitoring Web Interface 3.06 - Path Traversal Exploit Author: Galoget Latorre @galoget CVE: CVE-2023-34096 Galoget Latorre Vendor Homepage: https://thruk.org/ Software Link: https://github.com/sni/Thruk/archive/refs/tags/v3.06.zip Software Link + Exploit + PoC Backup:...

CVSS 8.8, AI score 7.1, EPSS 0.45105
Exploits: 5

GithubExploit
added 2023/06/09 2:17 a.m., 397 views

Exploit for Path Traversal in Thruk

Thruk-CVE-2023-34096 Thruk Monitoring Web Interface versions...

CVSS 8.8, AI score 7.8, EPSS 0.45105
Exploits: 5

Exploit DB
added 2023/06/09 12:00 a.m., 382 views

Thruk Monitoring Web Interface 3.06 - Path Traversal

Exploit Title: Thruk Monitoring Web Interface 3.06 - Path Traversal Date: 08-Jun-2023 Exploit Author: Galoget Latorre @galoget CVE: CVE-2023-34096 Galoget Latorre Vendor Homepage: https://thruk.org/ Software Link: https://github.com/sni/Thruk/archive/refs/tags/v3.06.zip Software Link + Exploit +...

CVSS 8.8, AI score 8.8, EPSS 0.45105
Exploits: 5

0day.today
added 2023/05/31 12:00 a.m., 321 views

Online Security Guards Hiring System 1.0 - Reflected XSS Exploit

Exploit Title: Online Security Guards Hiring System 1.0 – REFLECTED XSS Exploit Author : AFFAN AHMED Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/projects/Online-Security-Guard-Hiring-SystemPHP.zip Version: 1.0 Tested on: Windows 11 + XAMPP + PYTHON-3.X CVE :...

CVSS 6.1, AI score 6.4, EPSS 0.08968
Exploits: 4

GithubExploit
added 2023/05/29 5:59 p.m., 22 views

Exploit for SQL Injection in Cmsmadesimple Cms_Made_Simple

CVE-2019-9053 Exploit Python 3 This repository contains an e...

CVSS 8.1, AI score 8.3, EPSS 0.92556
Exploits: 36

GithubExploit
added 2023/05/26 10:16 p.m., 555 views

Exploit for OS Command Injection in Eparks Fiberlink_210_Firmware

CVE-2023-33617 Authenticated OS command injection vulnerabili...

CVSS 7.2, AI score 7.4, EPSS 0.70091
Exploits: 2

F5 Networks
added 2023/05/08 3:03 p.m., 35 views

K000133759: Python vulnerability CVE-2020-26116

Security Advisory Description http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of...

CVSS 7.2, AI score 7.2, EPSS 0.00903
Exploits: 1, Affected Software: 4

Gentoo Linux
added 2023/05/03 12:00 a.m., 13 views

slixmpp: Insufficient Certificate Validation

Background slixmpp is a Python 3 library for XMPP. Description slixmpp does not validate hostnames in certificates used by connected servers. Impact An attacker could perform a man-in-the-middle attack on users' connections to servers with slixmpp. Workaround There is no known workaround at this...

CVSS 7.5, AI score 6.6, EPSS 0.00322
Exploits: 0