Lucene search

966 matches found

CVE
added 2015/04/15 10:0 a.m. · 47 views

CVE-2015-0693

CVE-2015-0693 affects Cisco Web Security Appliance (WSA) devices running 8.5.0-ise-147, where improper handling of the pickle module during tunnel-status checks allows an authenticated, local attacker to execute arbitrary Python code and elevate privileges via a crafted pickle file (Bug CSCut3925...

7.2 CVSS · 7.6 AI score · 0.00124 EPSS
Exploits 0 · References 2 · Affected Software 1
CNVD
added 2015/04/14 12:0 a.m. · 2 views

Cisco Web Security Appliance Local Elevation of Privilege Vulnerability

The Cisco Web Security Appliance is a secure Web gateway that integrates malware protection, application visualization control, policy control, and more in one platform. A local elevation of privilege vulnerability exists in Cisco Web Security Appliance. This vulnerability allows attackers to...

7.2 CVSS · 7.6 AI score · 0.00124 EPSS
Exploits 0 · References 1
CNVD
added 2015/04/13 12:0 a.m. · 1 views

Cisco Web Security Appliance (WSA) Local Arbitrary Python Code Execution Vulnerability

The Cisco Adaptive Security Appliance is an adaptive security appliance that provides modules for security and VPN services. A security vulnerability exists in the Cisco Web Security Appliance WSA that allows a local attacker to execute arbitrary Python code via specially crafted serialized objec...

7.2 CVSS · 7.4 AI score · 0.00124 EPSS
Exploits 0 · References 1
Prion
added 2014/10/27 1:55 a.m. · 12 views

Design/Logic Flaw

emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method...

7.5 CVSS · 7.9 AI score · 0.00821 EPSS
Exploits 0 · References 5 · Affected Software 1
Debian CVE
added 2014/10/27 1:0 a.m. · 14 views

CVE-2011-4104

The fromyaml method in serializers.py in Django Tastypie before 0.9.10 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method...

7.5 CVSS · 7.3 AI score · 0.00821 EPSS
Exploits 0
NVD
added 2014/10/15 2:55 p.m. · 13 views

CVE-2014-3593

Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration...

6 CVSS · 7.2 AI score · 0.00295 EPSS
Exploits 0 · References 2
Prion
added 2014/10/15 2:55 p.m. · 8 views

Design/Logic Flaw

Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration...

6 CVSS · 7.6 AI score · 0.00295 EPSS
Exploits 0 · References 2 · Affected Software 1
CVE
added 2014/10/15 2:0 p.m. · 68 views

CVE-2014-3593

The CVE-2014-3593 entry concerns luci, affected up to version 0.26.0, where an eval() on cluster configuration inputs could be exploited by remote authenticated users with certain permissions to execute arbitrary Python code. Multiple trusted sources (Red Hat RHSA-2014:1390, CentOS/OSS advisories...

6 CVSS · 7.3 AI score · 0.00295 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2014/10/15 2:0 p.m. · 14 views

CVE-2014-3593

Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration...

7.1 AI score · 0.00295 EPSS
Exploits 0 · References 2
Positive Technologies
added 2014/10/14 12:0 a.m. · 1 views

PT-2014-5409 · Google +2 · Luci +2

Name of the Vulnerable Software and Affected Versions: luci version 0.26.0 Description: The issue allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration. Recommendations: For luci version 0.26.0, update to a version that fix...

6 CVSS · 7.3 AI score · 0.00295 EPSS
Exploits 0 · References 11
NVD
added 2014/09/30 2:55 p.m. · 14 views

CVE-2012-5495

pythonscripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to "goback."...

5 CVSS · 6.9 AI score · 0.00638 EPSS
Exploits 0 · References 4
NVD
added 2014/09/30 2:55 p.m. · 19 views

CVE-2012-5485

registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface...

6.8 CVSS · 7 AI score · 0.00599 EPSS
Exploits 0 · References 5
Prion
added 2014/09/30 2:55 p.m. · 17 views

Code injection

registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface...

6.8 CVSS · 7.6 AI score · 0.00599 EPSS
Exploits 0 · References 5 · Affected Software 1
Prion
added 2014/09/30 2:55 p.m. · 11 views

Design/Logic Flaw

pythonscripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject...

5 CVSS · 7.4 AI score · 0.0064 EPSS
Exploits 0 · References 5 · Affected Software 1
Cvelist
added 2014/09/30 2:0 p.m. · 19 views

CVE-2012-5495

pythonscripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to "goback."...

6.9 AI score · 0.00638 EPSS
Exploits 0 · References 4
Cvelist
added 2014/09/30 2:0 p.m. · 18 views

CVE-2012-5488

pythonscripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject...

6.7 AI score · 0.0064 EPSS
Exploits 0 · References 5
Gentoo Linux
added 2014/08/31 12:0 a.m. · 48 views

OpenOffice, LibreOffice: Multiple vulnerabilities

Background: OpenOffice is the open source version of StarOffice, a full office productivity suite. LibreOffice is a fork of OpenOffice. Description: Multiple vulnerabilities have been discovered in OpenOffice and LibreOffice. Please review the CVE identifiers referenced below for details. Impact: A...

10 CVSS · 9 AI score · 0.55766 EPSS
Exploits 9
seebug.org
added 2014/07/01 12:0 a.m. · 10 views

Avaya IP Office Manager TFTP Server 8.1 - Directory Traversal Vulnerability

No description provided by source. Title : Avaya IP Office Manager TFTP Server Directory Traversal Vulnerability Author : Veerendra G.G from SecPod Technologies www.secpod.com Vendor : http://www.avaya.com/usa/product/ip-office Advisory : http://www.avaya.com/usa/product/ip-office...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. · 27 views

Apple Mac OS X Server 10.5 - Wiki Server Directory Traversal Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28278/info Apple Mac OS X Server Wiki Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue allows an attacker to access arbitrary...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. · 8 views

Mini-stream RM-MP3 Converter 3.1.2.2 - Local Buffer Overflow

No description provided by source. Exploit Title : Mini-stream RM-MP3 Converter? V 3.1.2.2 Local Buffer OverFlow Author : SkY-NeT SySteMs Software Link : http://mini-stream.net/rm-to-mp3-converter/download/ Version : 3.1.2.2 Tested on : Xp Sp 2 Category : Local Code : Python Email :...

7.1 AI score
Exploits 0