
55 matches found

Prion
added 2018/08/28 7:29 p.m. | 13 views

Design/Logic Flaw

In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...

CVSS 6.8 | AI score 7.9 | EPSS 0.00844
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2018/08/28 7:0 p.m. | 14 views

CVE-2018-14572

In conference-scheduler-cli, a pickle.load call on imported data allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...

AI score 7.8 | EPSS 0.00844
Exploits: 1 | References: 2
CVE
added 2018/08/28 7:0 p.m. | 67 views

CVE-2018-14572

CVE-2018-14572 affects the conference-scheduler-cli package, where a pickle.load on imported data enables an attacker to execute arbitrary code via a crafted .pickle file that contains an os.system call. The underlying vulnerability is unsafe Python object deserialization in conference-scheduler-...

CVSS 7.8 | AI score 7.8 | EPSS 0.00844
Exploits: 1 | References: 2 | Affected Software: 1
FreeBSD
added 2018/06/27 12:0 a.m. | 41 views

py-yaml -- arbitrary code execution

pyyaml reports: the PyYAML.load function could be easily exploited to call any Python function. That means it could call any system command using os.system...

CVSS 9.8 | AI score 3.1 | EPSS 0.04807
Exploits: 1 | References: 2
NVD
added 2018/03/08 9:29 p.m. | 8 views

CVE-2018-7889

gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...

CVSS 7.8 | AI score 7.8 | EPSS 0.09411
Exploits: 1 | References: 2
UbuntuCve
added 2018/03/08 9:29 p.m. | 12 views

CVE-2018-7889

gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...

CVSS 7.8 | AI score 7.3 | EPSS 0.09411
Exploits: 1 | References: 3
Debian CVE
added 2018/03/08 9:0 p.m. | 15 views

CVE-2018-7889

gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...

CVSS 7.8 | AI score 7.8 | EPSS 0.09411
Exploits: 1
Cvelist
added 2018/03/08 9:0 p.m. | 14 views

CVE-2018-7889

gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...

AI score 7.7 | EPSS 0.09411
Exploits: 1 | References: 2
Gentoo Linux
added 2018/01/07 12:0 a.m. | 32 views

Back In Time: Command injection

Background: A simple backup tool for Linux, inspired by “flyback project”. Description: ‘Back in Time’ did improper escaping/quoting of file paths used as arguments to the ‘notify-send’ command leading to some parts of file paths being executed as shell commands within an os.system call. Impact: A...

CVSS 9.3 | AI score 7.9 | EPSS 0.00435
Exploits: 0
UbuntuCve
added 2017/11/08 6:29 p.m. | 14 views

CVE-2017-16667

backintime aka Back in Time before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft...

CVSS 9.3 | AI score 7.2 | EPSS 0.00435
Exploits: 0 | References: 3
CVE
added 2017/11/08 6:0 p.m. | 61 views

CVE-2017-16667

CVE-2017-16667 - Summary: The Back in Time tool (backintime) prior to version 1.1.24 improperly escapes/quotes file paths passed to the notify-send command, causing parts of the path to be executed as shell commands inside an os.system call in qt4/plugins/notifyplugin.py. This enables a context-...

CVSS 9.3 | AI score 7.4 | EPSS 0.00435
Exploits: 0 | References: 4 | Affected Software: 1
seebug.org
added 2014/07/01 12:0 a.m. | 27 views

python-wrapper Untrusted Search Path/Code Execution Vulnerability

No description provided by source. python-wrapper untrusted search path/code execution vulnerability Python-wrapper executes any test.py script within the current working directory, when supplied with help('modules'). A non-privileged user may gain code execution by tricking root to help('modules') ...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 32 views

Alice 2.2 - Arbitrary Code Execution Exploit

No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: Alice 2.2 Arbitrary Code Execution Exploit Date: Dec 5, 2010 Author: Rew Email: rew splat leethax.info Link: http://alice.org/index.php Version: 2.2 Windows Tested on: WinXP CVE: NA 0day This was a fun one to...

AI score 7.1
Exploits: 0
exploitpack
added 2012/07/02 12:0 a.m. | 24 views

python-wrapper - Untrusted Search Path/Code Execution

python-wrapper - Untrusted Search Path/Code Execution python-wrapper untrusted search path/code execution vulnerability Python-wrapper executes any test.py script within the current working directory, when supplied with help('modules'). A non-privileged user may gain code execution by tricking root...

AI score 0.3
Exploits: 0
Debian CVE
added 2007/01/23 12:0 a.m. | 18 views

CVE-2007-0404

bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a (1) .po or (2) .mo file...

CVSS 7.5 | AI score 7.2 | EPSS 0.0067
Exploits: 0