471 matches found
Pi-hole 4.4.0 CVE-2020-11108 - Remote Code Execution
Pi-hole version 4.4.0 suffers from a remote code execution vulnerability. Exploit Title: Pi-hole 4.4.0 - Remote Code Execution Authenticated Date: 2020-05-22 Exploit Author: Photubias Vendor Advisory: 1 https://github.com/pi-hole/AdminLTE Version: Pi-hole . Based and improved on:...
vBulletin 5.6.1 SQL Injection
Exploit Title: vBulletin 5.6.1 - 'nodeId' SQL Injection Date: 2020-05-15 Exploit Author: Photubias Vendor Advisory: 1 https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcementsaa/4440032-vbulletin-5-6-1-security-patch-level-1 Version: vBulletin v5.6.x prior to Patch Level 1...
python3 security and bug fix update
3.6.8-23.0.1.el8 - Add Oracle Linux distribution in platform.py Orabug: 20812544 3.6.8-23 - Modify the test suite to better handle disabled SSL/TLS versions and FIPS mode - Use OpenSSLs DRBG and disable os.getrandom function in FIPS mode Resolves: rhbz1754028, rhbz1754027, rhbz1754026, rhbz177447...
RHEL 8 : python3 (RHSA-2020:1764)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1764 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
Neowise CarbonFTP 1.4 - Insecure Proprietary Password Encryption
Title: Neowise CarbonFTP 1.4 - Insecure Proprietary Password Encryption Date: 2020-04-20 Author: hyp3rlinx Vendor: CVE: CVE-2020-6857 import time, string, sys, argparse, os, codecs Fixed: updated for Python 3, the hex decode function was not working in Python 3 version. This should be compatible...
Neowise CarbonFTP 1.4 - Insecure Proprietary Password Encryption Exploit
Title: Neowise CarbonFTP 1.4 - Insecure Proprietary Password Encryption Author: hyp3rlinx Vendor: CVE: CVE-2020-6857 import time, string, sys, argparse, os, codecs Fixed: updated for Python 3, the hex decode function was not working in Python 3 version. This should be compatible for Python 2 and ...
Important Photon OS Security Update - PHSA-2020-0224
Updates of 'python3' packages of Photon OS have been released...
Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Apple Ipados
kr00ker ============ Description This script is a simple ex...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
CVE-2020-0796 An even more simple PoC and Scanner for CVE-202...
PHPKB Multi-Language 9 - 'image-upload.php' Authenticated Remote Code Execution
Exploit Title: PHPKB Multi-Language 9 - 'image-upload.php' Authenticated Remote Code Execution Google Dork: N/A Date: 2020-03-15 Exploit Author: Antonio Cannito Vendor Homepage: https://www.knowledgebase-script.com/ Software Link: https://www.knowledgebase-script.com/pricing.php Version:...
[SECURITY] Fedora 30 Update: python3-typed_ast-1.4.0-2.fc30
A fork of the ast module with type annotations. This package is based on th e ast modules from Python 2 and 3, and has been extended with support for type comments and type annotations as supported in Python 3.6...
Pytm - A Pythonic Framework For Threat Modeling
Define your system in Python using the elements and properties described in the pytm framework. Based on your definition, pytm can generate, a Data Flow Diagram DFD, a Sequence Diagram and most important of all, threats to your system. Requirements Linux/MacOS Python 3.x Graphviz package Java...
PSF-2020-7 CVE-2020-8315: Unsafe DLL loading in getpathp.c on Windows 7
In Python CPython 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected...
Aircrack-ng 1.6 - Complete Suite Of Tools To Assess WiFi Network Security
Aircrack-ng is a complete suite of tools to assess WiFi network security. It focuses on different areas of WiFi security: Monitoring: Packet capture and export of data to text files for further processing by third party tools. Attacking: Replay attacks, deauthentication, fake access points and...
Corsy v1.0 - CORS Misconfiguration Scanner
Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations. Requirements Corsy only works with Python 3 and has the following depencies: tld requests To install these dependencies, navigate to Corsy directory and execute pip3 install -r requirements.txt Usag...
Gtfo - Search For Unix Binaries That Can Be Exploited To Bypass System Security Restrictions
This is a standalone script written in Python 3 for GTFOBins. You can search for Unix binaries that can be exploited to bypass system security restrictions. These binaries can be abused to get the fk break out of restricted shells, escalate privileges, transfer files, spawn bind and reverse shell...
Fedora 31 : python3 (2019-0a8fb6dacf)
Python 3.7.6 is the latest bugfix release of Python 3.7. It includes some security fixes as well. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as...
EulerOS 2.0 SP3 : python (EulerOS-SA-2019-2653)
According to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly pars...
Sooty - The SOC Analysts All-In-One CLI Tool To Automate And Speed Up Workflow
Sooty is a tool developed with the task of aiding SOC analysts with automating part of their workflow. One of the goals of Sooty is to perform as much of the routines checks as possible, allowing the analyst more time to spend on deeper analysis within the same time-frame. Sooty is now proudly...
SUSE-RU-2019:2767-1 Recommended update for xen
This update for xen to version 4.10.4 fixes the following issues: - Fixed an issue where libxenlight could not restore domain vsa6535522 on live migration bsc1133818. - Fixed an HPS bug which did not allow to install Windows Server 2016 with 2 CPUs setting or above bsc1137717. - Fixed an issue...