471 matches found

Tenable Nessus
added 2021/01/29 12:0 a.m., 246 views

Fedora 32 : python39 (2021-e3a5a74610)

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-e3a5a74610 advisory. - Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python...

9.8 CVSS, 8.5 AI score, 0.00072 EPSS
Exploits 1, References 2
UbuntuCve
added 2021/01/19 6:15 a.m., 45 views

CVE-2021-3177

Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is...

9.8 CVSS, 7.6 AI score, 0.00072 EPSS
Exploits 1, References 10
Packet Storm
added 2021/01/05 12:0 a.m., 244 views

sar2html 3.2.1 Remote Code Execution

Exploit Title: sar2html 3.2.1 - 'plot' Remote Code Execution Date: 27-12-2020 Exploit Author: Musyoka Ian Vendor Homepage: https://github.com/cemtan/sar2html Software Link: https://sourceforge.net/projects/sar2html/ Version: 3.2.1 Tested on: Ubuntu 18.04.1 !/usr/bin/env python3 import requests...

7.4 AI score
Exploits 0
Mageia
added 2020/12/29 11:57 a.m., 52 views

Updated python3 packages fix security vulnerability

In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval on content retrieved via HTTP CVE-2020-27619...

9.8 CVSS, 7.9 AI score, 0.00854 EPSS
Exploits 0, References 2
Kitploit
added 2020/12/01 11:30 a.m., 93 views

OnionSearch - A Script That Scrapes Urls On Different .Onion Search Engines

OnionSearch is a Python3 script that scrapes urls on different ".onion" search engines. Prerequisite Python 3  Currently supported Search engines ahmia darksearchio onionland notevil darksearchenginer phobos onionsearchserver torgle onionsearchengine tordex tor66 tormax haystack multivac evosear...

7.2 AI score
Exploits 0, References 2
GithubExploit
added 2020/11/30 9:23 a.m., 74 views

Exploit for CVE-2020-11651

PoC exploit for CVE-2020-11651 and CVE-2020-11652, two vulnerabi...

9.8 CVSS, 9.4 AI score, 0.94234 EPSS
Exploits 24
Kitploit
added 2020/11/25 8:30 p.m., 68 views

RedShell - An interactive command prompt that executes commands through proxychains and automatically logs them on a Cobalt Strike team server

An interactive command prompt that executes commands through proxychains and automatically logs them on a Cobalt Strike team server. Installation RedShell runs on Python 3. It also requires a Cobalt Strike client installed on the system where it runs. Install dependencies: pip3 install -r...

7.8 AI score
Exploits 0, References 3
Tenable Nessus
added 2020/11/18 12:0 a.m., 35 views

Amazon Linux AMI : python27, python34, python35 (ALAS-2020-1454)

The version of python27 installed on the remote host is prior to 2.7.18-2.140. The version of python34 installed on the remote host is prior to 3.4.10-1.53. The version of python35 installed on the remote host is prior to 3.5.10-1.29. It is, therefore, affected by a vulnerability as referenced in...

7.2 CVSS, 7.3 AI score, 0.00903 EPSS
Exploits 1, References 3
GithubExploit
added 2020/11/15 3:30 p.m., 96 views

Exploit for Code Injection in Nette Application

CVE-2020-15227 DISCLAIMER! I take no responsibility of using...

9.8 CVSS, 9.9 AI score, 0.93793 EPSS
Exploits 3
Tenable Nessus
added 2020/11/12 12:0 a.m., 58 views

Oracle Linux 7 : python3 (ELSA-2020-5010)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5010 advisory. - Avoid infinite loop when reading specially crafted TAR files CVE-2019-20907 Resolves: rhbz1856481 Tenable has extracted the preceding description blo...

7.5 CVSS, 7.4 AI score, 0.00697 EPSS
Exploits 0, References 3
Oracle linux
added 2020/11/10 12:0 a.m., 36 views

freeradius:3.0 security and bug fix update

3.0.20-3 - Require make for proper bootstrap execution, removes post script Resolves: bz1672285 3.0.20-2 - Fix breakage caused by OpenSSL FIPS regression Related: bz1855822 Related: bz1810911 Resolves: bz1672285 3.0.20-1 - Update to FreeRADIUS server version 3.0.20 - Introduce Python 3 support;...

7.5 CVSS, 1 AI score, 0.00657 EPSS
Exploits 0
Tenable Nessus
added 2020/11/04 12:0 a.m., 63 views

RHEL 8 : python3 (RHSA-2020:4433)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4433 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

7.5 CVSS, 7.3 AI score, 0.02954 EPSS
Exploits 2, References 16
Fedora
added 2020/10/16 3:21 p.m., 48 views

[SECURITY] Fedora 32 Update: python27-2.7.18-6.fc32

Python 2 is an old version of the language that is incompatible with the 3.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been...

7.2 CVSS, 3.2 AI score, 0.00903 EPSS
Exploits 1
Kitploit
added 2020/10/15 11:30 a.m., 42 views

Zracker - Zip File Password BruteForcing Utility Tool based on CPU-Power

Zracker is a Zip File Password BruteForcing Utility Tool based on CPU-Power. Yet available for Linux only ... Supports WordList Mode only but will surely get an Update with BruteForce Mode Dedicated WebSite: https://devim-stuffs.github.io/zracker/ Link to Post on...

7.3 AI score
Exploits 0, References 2
GithubExploit
added 2020/10/10 8:23 p.m., 5 views

Exploit for Injection in Thedaylightstudio Fuel_Cms

CVE-2018-16763 FuelCMS 1.4.1 Remote Code Execution Vulnera...

9.8 CVSS, 8.1 AI score, 0.9391 EPSS
Exploits 17
Tenable Nessus
added 2020/10/07 12:0 a.m., 46 views

Oracle Linux 7 : python3 (ELSA-2020-3888)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-3888 advisory. - Security fix for CVE-2020-8492 Resolves: rhbz1810616 - Security fix for CVE-2019-16935 Resolves: rhbz1797999 Tenable has extracted the preceding...

7.1 CVSS, 7.4 AI score, 0.02954 EPSS
Exploits 2, References 3
Fedora
added 2020/10/05 4:36 p.m., 39 views

[SECURITY] Fedora 33 Update: python2.7-2.7.18-6.fc33

Python 2 is an old version of the language that is incompatible with the 3.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been...

7.2 CVSS, 3.2 AI score, 0.00903 EPSS
Exploits 1
OSV
added 2020/09/27 4:15 a.m., 25 views

CVE-2020-26116

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request...

7.2 CVSS, 7.3 AI score
Exploits 0, References 14
Prion
added 2020/09/27 4:15 a.m., 30 views

Crlf injection

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request...

6.4 CVSS, 8 AI score, 0.00903 EPSS
Exploits 1, References 14, Affected Software 6
Packet Storm
added 2020/09/18 12:0 a.m., 398 views

SpamTitan 7.07 Remote Code Execution

Exploit Title: SpamTitan 7.07 - Remote Code Execution Authenticated Date: 2020-09-18 Exploit Author: Felipe Molina @felmoltor Vendor Homepage: https://www.titanhq.com/spamtitan/spamtitangateway/ Software Link: https://www.titanhq.com/signup/?producttype=spamtitangateway Version: 7.07 Tested on:...

7.6 AI score, 0.16568 EPSS
Exploits 6