42 matches found
CVE-2024-42367
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...
SUSE CVE-2014-0472
The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."...
SUSE CVE-2022-26488
In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabl...
Python Exec, Python Pingback, Reverse TCP (via python)
Execute a Python payload from a command. Connects back to the attacker, sends a UUID, then terminates Module Options msf use payload/cmd/windows/python/pingbackreversetcp msf payloadpingbackreversetcp show actions ...actions... msf payloadpingbackreversetcp set ACTION msf payloadpingbackreversetc...
Python Exec, Python Meterpreter Shell, Reverse TCP Inline
Execute a Python payload from a command. Connect back to the attacker and spawn a Meterpreter shell Module Options msf use payload/cmd/windows/python/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf...
Python Exec, Python Meterpreter Shell, Reverse HTTPS Inline
Execute a Python payload from a command. Connect back to the attacker and spawn a Meterpreter shell Module Options msf use payload/cmd/windows/python/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf payloadmeterpreterreversehttps set ACTION msf...
Python Exec, Python Meterpreter, Python Reverse TCP Stager with UUID Support
Execute a Python payload from a command. Run a meterpreter server in Python compatible with 2.5-2.7 & 3.1+. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/python/meterpreter/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf...
Python Path Traversal Vulnerability
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. Python suffers from a path traversal vulnerability that allows disclosure via pydoc...
PT-2019-13316 · Python · Python
Name of the Vulnerable Software and Affected Versions: Python versions prior to 2.7.17 Python versions 3.x prior to 3.5 Description: The MSI installer for Python on Windows defaults to the C:\Python27 directory, making it easier for local users to deploy Trojan horse code. The vendor's position is...
openSUSE Security Update : freeradius-server (openSUSE-2017-972)
This update for freeradius-server fixes the following issues : - update to 3.0.15 bsc1049086 - Bind the lifetime of program name and python path to the module - CVE-2017-10978: FR-GV-201: Check input / output length in makesecret bsc1049086 - CVE-2017-10983: FR-GV-206: Fix read overflow when...
Security update for nodejs (important)
This update for nodejs to version 4.4.5 fixes several issues. These security issues introduced by the bundled openssl were fixed by going to version 1.0.2h: - CVE-2016-2107: The AES-NI implementation in OpenSSL did not consider memory allocation during a certain padding check, which allowed...
Gratipay: don't expose path of Python
Hello Team, While testing the web application I've found that if you enter the 3 or more strings including % then web application is exposing the path of Python in error. Application exposing path of Python in error when you enter the 3 or more strings including % .. if you only enter the 2 string...
python-django: unexpected code execution using reverse()
The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."...
python-django: unexpected code execution using reverse()
The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."...
DEBIAN-CVE-2014-0472
The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."...
PYSEC-2014-1
The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."...
Path traversal
The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."...
CVE-2014-0472
The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."...
Unexpected code execution using reverse()
Django incorrectly handles dotted Python paths when using the django.core.urlresolvers.reverse function. An attacker can use this issue to cause Django to import arbitrary modules from the Python path, resulting in possible code execution...
UBUNTU-CVE-2014-0472
The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."...