Odoo CRM 10.0 - Code Execution

Odoo CRM 10.0 - Code Execution Vulnerability Summary The following advisory describe arbitrary Python code execution found in Odoo CRM version 10.0 Odoo is a suite of open source business apps that cover all your company needs: CRM, eCommerce, accounting, inventory, point of sale, project...

CVE-2017-2810

An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability...

CVE-2015-5306

OpenStack Ironic Inspector aka ironic-inspector or ironic-discoverd, when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error...

CVE-2014-2331

CheckMK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated users to execute arbitrary Python code via a crafted rules.mk file in a snapshot. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330...

PT-2014-5409 · Google +2 · Luci +2

Name of the Vulnerable Software and Affected Versions: luci version 0.26.0 Description: The issue allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration. Recommendations: For luci version 0.26.0, update to a version that fix...

Python 1.5/1.6/2.0/2.1.x Pickle Class Constructor Arbitrary Code Execution

No description provided by source. source: http://www.securityfocus.com/bid/5257/info Python is an open source, object oriented programming language. The Python Pickle module is provided to convert object variables into a serialized form pickling, and later recover the data back into an object...

Mandriva Linux Security Advisory : python-django (MDVSA-2014:113)

Multiple vulnerabilities has been discovered and corrected in python-django : Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the 1 Vary: Cookie or 2 Cache-Control header in responses, which allows remote attackers to obtain sensitive...

CVE-2014-0472

The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."...

Path traversal

The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."...

CVE-2014-0472

The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in ah/admin/interactive/execute aka the Interactive Console in the SDK Console aka Admin Console in the Google App Engine Python SDK before 1.5.4 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrar...

CVE-2008-6954

The web interface CobblerWeb in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules...

Code injection

The web interface CobblerWeb in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules...

Wesnoth 1.x - PythonAI Remote Code Execution

Wesnoth 1.x - PythonAI Remote Code Execution source: https://www.securityfocus.com/bid/33971/info Wesnoth is prone to a remote code-execution vulnerability caused by a design error. Attackers can exploit this issue to execute arbitrary Python code in the context of the user running the vulnerable...

Code injection

Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the 1 statusmessages or 2 linkintegrity module, which the module unpickles and executes...

CVE-2007-5741

Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the 1 statusmessages or 2 linkintegrity module, which the module unpickles and executes...

CVE-2007-1253

Eval injection vulnerability in the a kmzImportWithMesh.py Script for Blender 0.1.9h, as used in b Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted 1 KML or 2 KMZ file...

GLSA-200509-09 : Py2Play: Remote execution of arbitrary Python code

The remote host is affected by the vulnerability described in GLSA-200509-09 Py2Play: Remote execution of arbitrary Python code Arc Riley discovered that Py2Play uses Python pickles to send objects over a peer-to-peer game network, and that clients accept without restriction the objects and code...