110 matches found
GHSA-9347-9W64-Q5WP Jython Improper Access Restrictions vulnerability
Jython before 2.7.2b3 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors...
at.ac.ait.lablink.clients:csvclient (>=0.0.1 <=0.0.2), at.ac.ait.lablink.clients:dpbridge (>=0.0.1 <=0.0.3) +302 more potentially affected by CVE-2013-2027 via org.python:jython-standalone (>=2.5.2 <=2.7.2)
org.python:jython-standalone (Maven) version =2.5.2, =0.0.1, =0.0.1, =0.0.1, =0.0.2, =0.0.2, =0.0.1, =0.0.1, =0.1.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =1.0.0, =1.0.0, =1.3.0, =2.1.2 and more. Source CVEs: CVE-2013-2027. Source advisory: OSV:GHSA-9347-9W64-Q5WP...
Jython Improper Access Restrictions vulnerability
Jython before 2.7.2b3 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors...
cc.autoapi.pucong:auto-flow-core-flow (>=2.0.0 <=2.0.9), cc.autoapi.pucong:auto-flow-persistence (>=2.0.0 <=2.0.9) +178 more potentially affected by CVE-2016-4000 via org.python:jython-standalone (>=2.5.2 <=2.7.0)
org.python:jython-standalone (Maven) version =2.5.2, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =1.0.0, =1.0.0, =1.3.0, =1.0, =1.0-M1, =1.0-M3, =0.2.13, =0.2.13, =1.0.0, =1.1.0 and more. Source CVEs: CVE-2016-4000. Source advisory: OSV:GHSA-6R7R-JJ8H-PQ6V...
Deserialization of Untrusted Data in Jython
Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object...
cn.hutool:hutool-script (=5.2.5), cn.structured:structure-function-context (=1.0.2) +211 more potentially affected by CVE-2016-4000 via org.python:jython (>=2.2 <=2.7.0)
org.python:jython (Maven) version =2.2, =1.0.1, =1.0.1, =7.12.0, =1.0.110-RELEASE, =1.0.111-RELEASE, =1.0.111-RELEASE, =1.1.0-RELEASE, =1.0.111-RELEASE, =1.0.111-RELEASE, =1.1.24-RELEASE - com.ahome-it:ahome-tooling-server-vaadin-core =1.0.112-RELEASE - com.alibaba.graphscope:grape-demo =0.18.1 -...
GHSA-6R7R-JJ8H-PQ6V Deserialization of Untrusted Data in Jython
Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object...
Mageia: Security Advisory (MGASA-2015-0096)
The remote host is missing an update for the ...
Haptyc - Test Generation Framework
Haptyc is a python library which was built to add payload position support and Sniper/Clusterbomb/Batteringram/Pitchfork attack types into Turbo Intruder. While Haptyc accomplishes these goals fairly well it also introduces a simpler way to express test sequences in general. While this library wa...
GitHub Security Lab: [Java] CWE-094: Jython code injection
This bug was reported directly to GitHub Security Lab...
AuthMatrix - A Burp Suite Extension That Provides A Simple Way To Test Authorization
AuthMatrix is an extension to Burp Suite that provides a simple way to test authorization in web applications and web services. With AuthMatrix, testers focus on thoroughly defining tables of users, roles, and requests for their specific target application upfront. These tables are structured in ...
Burp Exporter - A Burp Suite Extension To Copy A Request To The Clipboard As Multiple Programming Languages Functions
Exporter is a Burp Suite extension to copy a request to the clipboard as multiple programming languages functions. You can export as: cURL, Wget, Python Request, Perl LWP, PHP HTTPRequest2, Go Native, NodeJS Request, jQuery AJAX, PowerShell. Requirements: Jython = 2.7.1, Burp Suite. Import: In Burp Suite, und...
Oracle Application Testing Suite Multiple Vulnerabilities (Jan 2020 CPU)
The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities: - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Oracle Flow Builder Jython. Supported versions that are affected are...
Asset Discover - Burp Suite Extension To Discover Assets From HTTP Response
Burp Suite extension to discover assets from HTTP response using passive scanning. Refer our blog Asset Discovery using Burp Suite for more details. The extension is now part of the BApp store and can be installed directly from the Burp Suite...
FLASHMINGO - Automatic Analysis Of SWF Files Based On Some Heuristics
Automatic analysis of SWF files based on some heuristics. Extensible via plugins. Install: Install the Python 2.7 packages listed in requirements.txt. You can use the following command: pip install -r requirements.txt. If you want to use the decompilation functionality you need to install Jython...
Oracle Enterprise Manager Cloud Control (January 2019 CPU)
The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - A remote code execution vulnerability exists in Jython before 2.7.1rc1. An unauthenticated, remote attacker can exploit this...
ZIP File Raider - Burp Extension For ZIP File Payload Testing
ZIP File Raider is a Burp Suite extension for testing web applications with ZIP file upload functionality. You can easily inject Burp Scanner/Repeater payloads into the ZIP content of HTTP requests, which is not feasible by default. This extension helps to automate the extraction and compression...
Debian: Security Advisory (DLA-989-1)
The remote host is missing an update for the Debian ...
GLSA-201710-28 : Jython: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-201710-28 (Jython: Arbitrary code execution). It was found that Jython is vulnerable to arbitrary code execution by sending a serialized function to the deserializer. Impact: Remote execution of arbitrary code by enticing a user to...
Jython: Arbitrary code execution
Background: An implementation of Python written in Java. Description: It was found that Jython is vulnerable to arbitrary code execution by sending a serialized function to the deserializer. Impact: Remote execution of arbitrary code by enticing a user to execute malicious code. Workaround: There is ...