5 matches found
GHSA-M7M4-4VM8-55WG PyAMF vulnerable to XML external entity (XXE)
PyAMF provides Action Message Format (AMF) support for Python that is compatible with the Adobe Flash Player. It includes integration with Python web frameworks like Django, Pylons, Twisted, SQLAlchemy, web2py and more. XML external entity (XXE) vulnerability in PyAMF before 0.8.0 allows remote...
XML External Entity (XXE) Injection
pyamf is vulnerable to XML external entity (XXE) attacks. The attack exists because the XML parser does not disable the parsing of external DTDs, allowing a remote attacker to inject malicious external DTD entities via an Action Message Format (AMF) payload to retrieve system files or perform request...
CVE-2015-8549
PyAMF (Python AMF) before version 0.8.0 contains an XML External Entity (XXE) vulnerability that can cause DoS or allow reading arbitrary files via crafted AMF payloads. This CVE-2015-8549 entry is corroborated by multiple connected sources (OSV GHSA entry, NVD description, and PyAMF advisories),...
Nessus plug-in "arms" tutorial - vulnerability warning - the black bar safety net
Overview: In a recent internal penetration test, we need to use a Java two-stage deserialization vulnerability. In this article, we will tell you how to transform the Nessus plugin, because the plugin was originally only the use of an existing RCE vulnerability, but we will teach you how to...
Adobe Coldfusion 11.0.03.292866 - BlazeDS Java Object Deserialization Remote Code Execution
Exploit Title: Adobe Coldfusion BlazeDS Java Object Deserialization RCE Date: February 6, 2018 Exploit Author: Faisal Tameesh @DreadSystems Company: Depth Security https://depthsecurity.com Version: Adobe Coldfusion 11.0.03.292866 Tested On: Windows 10 Enterprise 10.0.15063 CVE: CVE-2017-3066...