56 matches found
CVE-2022-42919
Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network...
CVE-2022-42919
Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network...
PSF-2022-9 Linux specific local privilege escalation via the multiprocessing forkserver start method
Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network...
Ubuntu 22.04 LTS : Python vulnerability (USN-5713-1)
The remote Ubuntu 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5713-1 advisory. Devin Jeanpierre discovered that Python incorrectly handled sockets when the multiprocessing module was being used. A local attacker could possibly use this issue...
CVE-2022-42919
A vulnerability found in Python. The flaw occurs when used with the forkserver start method on Linux. The Python multiprocessing library allows Python pickles to be deserialized from any user in the same machine's local network namespace in many system configurations, which means any user on the...
GHSA-HF26-VVMX-X8C8 Plone Arbitrary Code Execution via Unsafe Handling of Pickles
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the 1 statusmessages or 2 linkintegrity module, which the module unpickles and executes...
Plone Arbitrary Code Execution via Unsafe Handling of Pickles
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the 1 statusmessages or 2 linkintegrity module, which the module unpickles and executes...
Podman Varlink 1.5.1 - Remote Code Execution
Podman Varlink 1.5.1 - Remote Code Execution Exploit Title: Podman & Varlink 1.5.1 - Remote Code Execution Exploit Author: Jeremy Brown Date: 2019-10-15 Vendor Homepage: https://podman.io/ Software Link: dnf install podman or https://github.com/containers/libpod/releases Version: 1.5.1 Tested on:...
Firmware Slap - Discovering Vulnerabilities In Firmware Through Concolic Analysis And Function Clustering
Firmware slap combines concolic analysis with function clustering for vulnerability discovery and function similarity in firmware. Firmware slap is built as a series of libraries and exports most information as either pickles or JSON for integration with other tools. Slides from the talk can be...
Liberapay: Unsafe deserialization in Libera Pay allows to escalate a SQL injection to Remote Command Execution
Hello. There isn't a direct vulnerability, however a SQL injection would easily be escalated to a Remote Code Execution. I can't directly exploit it due to the restriction on team names it does not accept hexdecimal values. I, however, submit this issue in advance and will attempt to escalate thi...
pickles.com.au XSS vulnerability
Open Bug Bounty ID: OBB-565177 Description| Value ---|--- Affected Website:| pickles.com.au Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
FreeBSD : plone -- unsafe data interpreted as pickles (ffba6ab0-90b5-11dc-9835-003048705d5a)
Plone projectreports : This hotfix corrects a vulnerability in the statusmessages and linkintegrity modules, where unsafe network data was interpreted as python pickles. This allows an attacker to run arbitrary python code within the Zope/Plone process. %NASLMINLEVEL 70300 C Tenable Network...
plone -- unsafe data interpreted as pickles
Plone projectreports: This hotfix corrects a vulnerability in the statusmessages and linkintegrity modules, where unsafe network data was interpreted as python pickles. This allows an attacker to run arbitrary python code within the Zope/Plone process...
p2play game engine code execution
It's possiblt to execute code thorugh object pickles...
Py2Play: Remote execution of arbitrary Python code
Background Py2Play is a peer-to-peer network game engine written in Python. Pickling is a Python feature allowing to serialize Python objects into string representations called pickles that can be sent over the network. Description Arc Riley discovered that Py2Play uses Python pickles to send...
GLSA-200509-09 : Py2Play: Remote execution of arbitrary Python code
The remote host is affected by the vulnerability described in GLSA-200509-09 Py2Play: Remote execution of arbitrary Python code Arc Riley discovered that Py2Play uses Python pickles to send objects over a peer-to-peer game network, and that clients accept without restriction the objects and code...