966 matches found

exploitpack
added 2017/10/25 12:0 a.m. | 27 views

PHPMailer 5.2.21 - Local File Disclosure

PHPMailer 5.2.21 - Local File Disclosure Exploit Title: PHPMailer SetFrom$POST"your-email", $POST"your-name"; $address = "admin@localhost"; $mail-AddAddress$address, "root"; if isset$POST'cc' $mail-AddCC$POST"your-email", $POST"your-name"; $mail-Subject = "PHPMailer MsgHTML$POST"your-message";...

CVSS 2.1 | AI score 5.9 | EPSS 0.02922
Exploits: 6
Kitploit
added 2017/09/17 2:30 p.m. | 28 views

LaZagne v2.2 - Credentials Recovery Project

The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext, APIs, custom algorithms, databases, etc.). This tool has been developed for the purpose of finding these passwor...

AI score 7.1
Exploits: 0 | References: 2
Veracode
added 2017/09/15 12:37 a.m. | 26 views

Remote Code Execution (RCE)

ansible-vault is vulnerable to remote code execution (RCE) attacks. The application uses the unsafe yaml.load method to deserialize YAML files, allowing a malicious user to inject and execute arbitrary Python code...

CVSS 7.8 | AI score 8.1 | EPSS 0.00465
Exploits: 1 | References: 5 | Affected Software: 1
0day.today
added 2017/08/06 12:0 a.m. | 159 views

Microsoft Windows - LNK Shortcut File Code Execution Exploit

Exploit for windows platform in category local exploits !/usr/bin/python -- coding: utf-8 -- Title : CVE-2017-8464 | LNK Remote Code Execution Vulnerability CVE : 2017-8464 Authors : ykoster, nixawk Notice : Only for educational purposes. Support : python2 import struct def generateSHELLLINKHEADE...

CVSS 9.3 | AI score 9 | EPSS 0.93878
Exploits: 27
ThreatPost
added 2017/07/26 9:0 a.m. | 65 views

Windows SMB Zero Day to Be Disclosed During DEF CON

LAS VEGAS—A 20-year-old Windows SMB vulnerability is expected to be disclosed Saturday during a talk at DEF CON. Microsoft has said it will not patch the vulnerability, which allows an attacker to remotely crash a Windows server with relative ease using only 20 lines of Python code and a Raspberr...

CVSS 9.3 | AI score 8.2 | EPSS 0.94354
Exploits: 33 | References: 2
CNVD
added 2017/07/05 12:0 a.m. | 2 views

Database Anonymization Arbitrary Code Execution Vulnerability in Multiple Odoo Products

Odoo (formerly OpenERP) and others are products of the Belgian company Odoo, an Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) system; Odoo Community Edition is its Community Edition; Odoo Enterprise Edition is its Enterprise Edition. Database Database Anonymization module...

CVSS 8.5 | AI score 7.4 | EPSS 0.01551
Exploits: 2 | References: 1
exploitpack
added 2017/07/05 12:0 a.m. | 11 views

Lepide Auditor Suite - createdb() Web Console Database Injection Remote Code Execution

Lepide Auditor Suite - createdb Web Console Database Injection Remote Code Execution !/usr/bin/python """ Lepide Auditor Suite createdb Web Console Database Injection Remote Code Execution Vulnerability Vendor: http://www.lepide.com/ File: lepideauditorsuite.zip SHA1:...

AI score 0.2
Exploits: 0
OSV
added 2017/07/04 6:29 p.m. | 1 view

CVE-2017-10803

In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated privileged users to execute arbitrary Python code, because unpickle is used...

CVSS 6.5 | AI score 6
Exploits: 0 | References: 1
NVD
added 2017/07/04 6:29 p.m. | 17 views

CVE-2017-10803

In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated privileged users to execute arbitrary Python code, because unpickle is used...

CVSS 8.5 | AI score 6.6 | EPSS 0.01551
Exploits: 2 | References: 1
Cvelist
added 2017/07/04 6:0 p.m. | 14 views

CVE-2017-10803

In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated privileged users to execute arbitrary Python code, because unpickle is used...

AI score 6.6 | EPSS 0.01551
Exploits: 2 | References: 1
Debian CVE
added 2017/07/04 6:0 p.m. | 70 views

CVE-2017-10803

In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated privileged users to execute arbitrary Python code, because unpickle is used...

CVSS 8.5 | AI score 6.6 | EPSS 0.01551
Exploits: 2
exploitpack
added 2017/06/30 12:0 a.m. | 84 views

Odoo CRM 10.0 - Code Execution

Odoo CRM 10.0 - Code Execution. Vulnerability Summary: The following advisory describes arbitrary Python code execution found in Odoo CRM version 10.0. Odoo is a suite of open source business apps that cover all your company needs: CRM, eCommerce, accounting, inventory, point of sale, project...

CVSS 8.5 | AI score 6.8 | EPSS 0.01551
Exploits: 2
Prion
added 2017/06/22 3:29 a.m. | 17 views

Code injection

An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of "plugin/controllers/models/config.py" performs an eval call on the contents of the "key" HTTP GET parameter. This allows an unauthenticated remote attacker to execute arbitrary Python cod...

CVSS 10 | AI score 8.4 | EPSS 0.14043
Exploits: 3 | References: 4 | Affected Software: 1
OSV
added 2017/06/22 3:29 a.m. | 14 views

CVE-2017-9807

An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of "plugin/controllers/models/config.py" performs an eval call on the contents of the "key" HTTP GET parameter. This allows an unauthenticated remote attacker to execute arbitrary Python cod...

CVSS 9.8 | AI score 8.1
Exploits: 0 | References: 4
Cvelist
added 2017/06/22 3:0 a.m. | 16 views

CVE-2017-9807

An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of "plugin/controllers/models/config.py" performs an eval call on the contents of the "key" HTTP GET parameter. This allows an unauthenticated remote attacker to execute arbitrary Python cod...

AI score 9.8 | EPSS 0.14043
Exploits: 3 | References: 4
Veracode
added 2017/06/15 8:40 a.m. | 8 views

Remote Code Execution (RCE)

Tablib is vulnerable to remote code execution (RCE). These attacks are possible because untrusted data is deserialized, allowing attacks to execute Python code...

AI score 8
Exploits: 0
NVD
added 2017/06/01 4:29 p.m. | 11 views

CVE-2015-6531

Palo Alto Networks Panorama VM Appliance with PAN-OS before 6.0.1 might allow remote attackers to execute arbitrary Python code via a crafted firmware image file...

CVSS 9.3 | AI score 7.8 | EPSS 0.0096
Exploits: 1 | References: 2
Cvelist
added 2017/06/01 4:0 p.m. | 19 views

CVE-2015-6531

Palo Alto Networks Panorama VM Appliance with PAN-OS before 6.0.1 might allow remote attackers to execute arbitrary Python code via a crafted firmware image file...

AI score 7.8 | EPSS 0.0096
Exploits: 1 | References: 2
CNVD
added 2017/04/06 12:0 a.m. | 1 view

Cloudflare-scrape Arbitrary Code Execution Vulnerability

cloudflare-scrape is a Python module for bypassing Cloudflare's bot pages. A security vulnerability exists in cloudflare-scrape versions 1.6.6 through 1.7.1. An attacker can exploit the vulnerability to execute arbitrary Python code with the help of a malicious page...

CVSS 8.8 | AI score 7.5 | EPSS 0.00494
Exploits: 0 | References: 1
Cvelist
added 2017/03/23 4:47 a.m. | 12 views

CVE-2017-7235

An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A malicious website owner could craft a page that executes arbitrary Python code against any cfscrape user who scrapes that website. This is fixed in 1.8.0...

AI score 8.6 | EPSS 0.00494
Exploits: 0 | References: 3