2722 matches found

Snyk
added 2020/07/04 11:15 p.m., 2 views

Arbitrary Code Execution

Overview: Affected versions of this package are vulnerable to Arbitrary Code Execution. In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. Th...

CVSS 7.8, AI score 6.8, EPSS 0.00085
Exploits: 0, References: 3
CVE
added 2020/07/04 10:54 p.m., 256 views

CVE-2020-15523

CVE-2020-15523 : On Windows, CPython embedded in a native app may load an attacker-controlled python3.dll due to an invalid search path for python3.dll after Py_SetPath. A Trojan horse python3.dll could be loaded for Python 3.6.0–3.6.10, 3.7.0–3.7.8, 3.8.0–3.8.4rc1, and 3.9.0–3.9.0b4, unless the ...

CVSS 7.8, AI score 7.4, EPSS 0.00085
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2020/07/04 10:54 p.m., 33 views

PSF-2020-4 Py_SetPath(): _Py_CheckPython3 uses uninitialized DLL path

In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading...

CVSS 7.8, AI score 7.4, EPSS 0.00085
Exploits: 0, References: 1
Photon
added 2020/07/02 12:0 a.m., 31 views

Moderate Photon OS Security Update - PHSA-2020-0258

Updates of 'python3' packages of Photon OS have been released...

CVSS 5.9, AI score 2.1, EPSS 0.00697
Exploits: 0
Photon
added 2020/07/02 12:0 a.m., 31 views

PHSA-2020-2.0-0258

An update of 'python3' packages of Photon OS has been released...

CVSS 4.3, AI score 0.9, EPSS 0.00697
Exploits: 0
Tenable Nessus
added 2020/06/29 12:0 a.m., 45 views

Photon OS 1.0: Python3 PHSA-2020-1.0-0304

An update of the python3 package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-1.0-0304. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description...

CVSS 7.1, AI score 8, EPSS 0.02954
Exploits: 1, References: 3
FreeBSD
added 2020/06/29 12:0 a.m., 30 views

Python -- multiple vulnerabilities

Python reports: bpo-41162: Audit hooks are now cleared later during finalization to avoid missing events. bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded...

CVSS 7.8, AI score 1.1, EPSS 0.00085
Exploits: 0, References: 1
OSV
added 2020/06/26 12:7 p.m., 4 views

SUSE-SU-2020:1792-1 Security update for python3-requests

This update for python3-requests provides the following fix: python-requests was updated to 2.20.1. Update to version 2.20.1: Fixed bug with unintended Authorization header stripping for redirects using default ports http/80, https/443. Update to version 2.20.0: Bugfixes + Content-Type header...

CVSS 7.5, AI score 6.7, EPSS 0.0114
Exploits: 2, References: 15
0day.today
added 2020/06/22 12:0 a.m., 161 views

Student Enrollment 1.0 - Unauthenticated Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: Student Enrollment 1.0 - Unauthenticated Remote Code Execution Exploit Author: Selim Enes 'Enesdex' Karaduman Vendor Homepage: https://www.sourcecodester.com/php/14281/online-student-enrollment-system-using-phpmysqli.html Versio...

AI score 7.4
Exploits: 0
Packet Storm
added 2020/06/22 12:0 a.m., 271 views

Student Enrollment 1.0 Remote Code Execution

Exploit Title: Student Enrollment 1.0 - Unauthenticated Remote Code Execution Date: 2020-06-22 Exploit Author: Selim Enes 'Enesdex' Karaduman Vendor Homepage: https://www.sourcecodester.com/php/14281/online-student-enrollment-system-using-phpmysqli.html Version: 1.0 Tested on: Windows 10 /...

AI score 0.1
Exploits: 0
Packet Storm
added 2020/06/13 12:0 a.m., 690 views

SmarterMail 16 Arbitrary File Upload

Exploit Title: SmarterMail 16 - Arbitrary File Upload Google Dork: inurl:/interface/root Date: 2020-06-10 Exploit Author: vvhack.org Vendor Homepage: https://www.smartertools.com Software Link: https://www.smartertools.com Version: 16.x Tested on: Windows CVE : N/A #!/usr/bin/python3 import...

AI score 0.1
Exploits: 0
Pen Test Partners Blog
added 2020/06/12 5:48 a.m., 28 views

Revisiting old tools

Many, many years ago I was onsite and noticed that a company's internal website had checked out their website using the subversion code versioning system. This subversion archive contained the site's web.config which has a set of credentials for SQL server, which through many steps led to domain...

AI score 7.9
Exploits: 0
0day.today
added 2020/06/09 12:0 a.m., 75 views

Bludit 3.9.12 - Directory Traversal Vulnerability

Exploit for php platform in category web applications Exploit Title: Bludit 3.9.12 - Directory Traversal Exploit Author: Luis Vacacas Vendor Homepage: https://www.bludit.com Software Link: https://github.com/bludit/bludit Version: = 3.9.12 Tested on: Ubuntu 19.10 CVE : CVE-2019-16113 #!/usr/bin/en...

CVSS 6.5, AI score 0.2, EPSS 0.88964
Exploits: 16
Kitploit
added 2020/06/04 12:30 p.m., 60 views

GitMonitor - A Github Scanning System To Look For Leaked Sensitive Information Based On Rules

GitMonitor is a Github scanning system to look for leaked sensitive information based on rules. I know that there are a lot of very good other tools for finding sensitive information leaked on Github right now, I myself currently still use some of them. However, I think they still lack some...

AI score 6.8
Exploits: 0, References: 4
Tenable Nessus
added 2020/06/04 12:0 a.m., 274 views

Fedora 32 : python3 (2020-98e0f0f11b)

Python 3.8.3 This is the third maintenance release of Python 3.8. See the changelog for details. Contains the security fix for CVE-2020-8492. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...

CVSS 7.1, AI score 7.2, EPSS 0.02954
Exploits: 1, References: 3
Exploit DB
added 2020/06/01 12:0 a.m., 248 views

QuickBox Pro 2.1.8 - Authenticated Remote Code Execution

Exploit Title: QuickBox Pro 2.1.8 - Authenticated Remote Code Execution Date: 2020-05-26 Exploit Author: s1gh Vendor Homepage: https://quickbox.io/ Vulnerability Details: https://s1gh.sh/cve-2020-13448-quickbox-authenticated-rce/ Version: = 2.1.8 Description: An authenticated low-privileged user...

CVSS 9, AI score 8.7, EPSS 0.39175
Exploits: 7
OpenVAS
added 2020/05/29 12:0 a.m., 52 views

Fedora: Security Advisory for python3 (FEDORA-2020-98e0f0f11b)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.1, AI score 7.6, EPSS 0.02954
Exploits: 1, References: 2
Fedora
added 2020/05/26 3:14 a.m., 39 views

[SECURITY] Fedora 32 Update: python3-3.8.3-1.fc32

Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the "python3" executable: the...

CVSS 7.1, AI score 2.1, EPSS 0.02954
Exploits: 1
Photon
added 2020/05/22 12:0 a.m., 50 views

Moderate Photon OS Security Update - PHSA-2020-0295

Updates of 'linux', 'linux-esx' packages of Photon OS have been released...

CVSS 5.5, AI score 6.8, EPSS 0.0073
Exploits: 1
0day.today
added 2020/05/20 12:0 a.m., 60 views

CraftCMS 3 vCard Plugin 1.0.0 - Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: CraftCMS 3 vCard Plugin 1.0.0 - Remote Code Execution Exploit Author: Wade Guest Vendor Homepage: https://craftcms.com/ Software Link: https://plugins.craftcms.com/vcard Vulnerability Details:...

AI score 7.4
Exploits: 0