966 matches found

Prion
added 2019/10/28 5:15 p.m., 12 views

Code injection

Python keyring lib before 0.10 created keyring files with world-readable permissions...

CVSS: 5, AI score: 7, EPSS: 0.00326
Exploits: 0, References: 5, Affected Software: 2

NVD
added 2019/10/18 5:15 p.m., 19 views

CVE-2019-17526

An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary commands on the underlying operating system, as demonstrated by an __import__('os').popen('whoami').read()...

CVSS: 10, AI score: 10, EPSS: 0.00638
Exploits: 1, References: 3

CVE
added 2019/10/18 4:15 p.m., 157 views

CVE-2019-17526

SageMath Sage Cell Server is affected by a Python code injection vulnerability (CVE-2019-17526) in internet-facing web applications, demonstrated by __import__('os').popen('whoami').read(). The issue is described across multiple sources (NVD, Red Hat, CNVD, Veracode, CVE list, etc.) as allowing arbi...

CVSS: 10, AI score: 9.9, EPSS: 0.00638
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2019/10/18 4:15 p.m., 10 views

CVE-2019-17526

An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary commands on the underlying operating system, as demonstrated by an __import__('os').popen('whoami').read()...

AI score: 10, EPSS: 0.00638
Exploits: 1, References: 3

Positive Technologies
added 2019/10/18 12:00 a.m., 2 views

PT-2019-15185 · Sagemath · Sagemath Sage Cell Server

Name of the Vulnerable Software and Affected Versions: SageMath Sage Cell Server versions prior to 2019-10-05 Description: An issue in SageMath Sage Cell Server allows Python Code Injection, enabling malicious actors to execute arbitrary commands on the underlying operating system. This can be...

CVSS: 10, AI score: 7.9, EPSS: 0.00638
Exploits: 1, References: 4

Veracode
added 2019/10/17 3:15 a.m., 31 views

Remote Code Execution

ReportLab is vulnerable to remote code execution. This is due to the usage of toColor(eval(arg)) in colors.py, allowing a remote attacker to execute arbitrary Python code using a malicious XML document that utilizes '<span color="' followed by arbitrary Python code...

CVSS: 9.8, AI score: 4.5, EPSS: 0.16839
Exploits: 1, References: 16, Affected Software: 1

OSV
added 2019/10/16 12:15 p.m., 1 views

DEBIAN-CVE-2019-17626

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code...

CVSS: 9.8, AI score: 9.4, EPSS: 0.16839
Exploits: 1, References: 1

OSV
added 2019/10/16 12:15 p.m., 3 views

CVE-2019-17626

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code...

CVSS: 9.8, AI score: 9.6
Exploits: 0, References: 14

OSV
added 2019/10/16 12:15 p.m., 17 views

PYSEC-2019-117

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code...

CVSS: 9.8, AI score: 3.7, EPSS: 0.16839
Exploits: 1, References: 14

UbuntuCve
added 2019/10/16 12:15 p.m., 13 views

CVE-2019-17626

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code...

CVSS: 9.8, AI score: 7.8, EPSS: 0.16839
Exploits: 1, References: 3

Debian CVE
added 2019/10/16 11:29 a.m., 21 views

CVE-2019-17626

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code...

CVSS: 9.8, AI score: 9.8, EPSS: 0.16839
Exploits: 1

Vulnrichment
added 2019/10/16 11:29 a.m., 13 views

CVE-2019-17626

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code...

AI score: 7.8, EPSS: 0.16839
Exploits: 1, References: 14

Exploit DB
added 2019/10/09 12:00 a.m., 277 views

Foscam Video Management System 1.1.6.6 - 'UID' Denial of Service (PoC)

Exploit Title: Foscam Video Management System 1.1.6.6 - 'UID' Denial of Service PoC Author: Alessandro Magnosi Date: 2019-10-09 Vendor Homepage: https://www.foscam.com/ Software Link : https://www.foscam.com/downloads/appsoftware.html?id=5 Tested Version: 1.1.6.6 Vulnerability Type: Denial of...

AI score: 7.4
Exploits: 0

Tenable Nessus
added 2019/10/07 12:00 a.m., 43 views

Debian DLA-1947-1 : libreoffice security update

Several vulnerabilities were discovered in LibreOffice, the office productivity suite. CVE-2019-9848 Nils Emmerich discovered that malicious documents could execute arbitrary Python code via LibreLogo. CVE-2019-9849 Matei Badanoiu discovered that the stealth mode did not apply to bullet graphics...

CVSS: 9.8, AI score: 7.8, EPSS: 0.92343
Exploits: 12, References: 9

Exploit DB
added 2019/09/13 12:00 a.m., 294 views

Folder Lock 7.7.9 - Denial of Service

Exploit Title: Folder Lock v7.7.9 Denial of Service Exploit Date: 12.09.2019 Vendor Homepage:https://www.newsoftwares.net/folderlock/ Software Link: https://www.newsoftwares.net/download/folderlock7-en/folder-lock-en.exe Exploit Author: Achilles Tested Version: 7.7.9 Tested on: Windows 7 x64 1.-...

AI score: 7.4
Exploits: 0

0day.today
added 2019/09/12 12:00 a.m., 16 views

Folder Lock v7.7.9 Denial of Service Exploit

Exploit Title: Folder Lock v7.7.9 Denial of Service Exploit Date: 12.09.2019 Vendor Homepage:https://www.newsoftwares.net/folderlock/ Software Link: https://www.newsoftwares.net/download/folderlock7-en/folder-lock-en.exe Exploit Author: Achilles Tested Version: 7.7.9 Tested on: Windows 7 x64 1.-...

AI score: 7.4
Exploits: 0

Packet Storm
added 2019/08/30 12:00 a.m., 723 views

SQL Server Password Changer 1.90 Denial Of Service

Exploit Title: SQL Server Password Changer v1.90 Denial of Service Exploit Date: 29.08.2019 Vendor Homepage:https://www.top-password.com/ Exploit Author: Velayutham Selvaraj & Praveen Thiyagarayam TwinTech Solutions Tested Version: v2.10 Tested on: Windows 8 x64 Windows 7 x64 1.- Run python code...

AI score: 0.3
Exploits: 0

exploitpack
added 2019/08/30 12:00 a.m., 31 views

SQL Server Password Changer 1.90 - Denial of Service

SQL Server Password Changer 1.90 - Denial of Service Exploit Title: SQL Server Password Changer v1.90 Denial of Service Exploit Date: 29.08.2019 Vendor Homepage:https://www.top-password.com/ Exploit Author: Velayutham Selvaraj & Praveen Thiyagarayam TwinTech Solutions Tested Version: v2.10 Tested...

AI score: 0.4
Exploits: 0

Exploit DB
added 2019/08/30 12:00 a.m., 198 views

SQL Server Password Changer 1.90 - Denial of Service

Exploit Title: SQL Server Password Changer v1.90 Denial of Service Exploit Date: 29.08.2019 Vendor Homepage:https://www.top-password.com/ Exploit Author: Velayutham Selvaraj & Praveen Thiyagarayam TwinTech Solutions Tested Version: v2.10 Tested on: Windows 8 x64 Windows 7 x64 1.- Run python code...

AI score: 7.4
Exploits: 0

Packet Storm
added 2019/08/20 12:00 a.m., 262 views

LibreOffice Macro Python Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LibreOffice Macro Python Code Execution', 'Description' = %q LibreOffice comes bundled with sample macros written in Python and allows the abilit...

CVSS: 7.5, AI score: 0.2, EPSS: 0.92343
Exploits: 11