5 matches found
CVE-2025-71351
picklescan before 0.0.25 fails to detect malicious pickle files that use timeit.timeit in the `__reduce__` method, allowing remote code execution. Attackers can craft pickle files that import dangerous libraries like os and execute arbitrary system commands, which evade picklescan detection and execute...
Yum Package Manager Persistence
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Yum Package Manager Persistence', 'Description' = %q This module will run a payload when the package manager is used. No handler is ran...
sos-collector security update
1.5-3.0.1 - To recognize OL system [OraBug 28807430] - import os module to detect /etc/redhat-release [OraBug 28740046] 1.5-3 - Resolve race condition in cluster profile loading - Quote all options globally - RHBZ1633515 - RHBZ1647955 1.5-2 - Fix cluster option reporting 1.5-1 - Update to version 1.5 ...
Design/Logic Flaw
DISPUTED 360 Total Security 3.5.0.1033 allows a Sandbox Escape via an "import os" statement, followed by os.system("CMD") or os.system("PowerShell"), within a .py file. NOTE: the vendor's position is that this cannot be categorized as a vulnerability, although it is a security-related issue...
PT-2018-14540 · Qihoo 360 · 360 Total Security
Name of the Vulnerable Software and Affected Versions: 360 Total Security version 3.5.0.1033 Description: The issue allows a Sandbox Escape via an import os statement, followed by os.system("CMD") or os.system("PowerShell"), within a .py file. The vendor considers this a security-related issue but do...