Lucene search
+L

121 matches found

nvd
nvd
added 2020/03/23 11:15 p.m.10 views

CVE-2020-5252

The command-line "safety" package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection routines by disguising, or obfuscating, other malicious or non-secure packages. This vulnerability is...

5CVSS5.2AI score0.00366EPSS
Exploits0References3
osv
osv
added 2020/03/23 11:15 p.m.12 views

CVE-2020-5252

The command-line "safety" package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection routines by disguising, or obfuscating, other malicious or non-secure packages. This vulnerability is...

4.1CVSS6.9AI score
Exploits0References3
prion
prion
added 2020/03/23 11:15 p.m.12 views

Design/Logic Flaw

The command-line "safety" package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection routines by disguising, or obfuscating, other malicious or non-secure packages. This vulnerability is...

1.9CVSS4.6AI score0.00366EPSS
Exploits0References3Affected Software1
pypa
pypa
added 2020/03/23 11:15 p.m.12 views

PYSEC-2020-101

The command-line "safety" package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection routines by disguising, or obfuscating, other malicious or non-secure packages. This vulnerability is...

5CVSS7AI score0.00366EPSS
Exploits0References3Affected Software1
osv
osv
added 2020/03/23 11:15 p.m.19 views

PYSEC-2020-101

The command-line "safety" package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection routines by disguising, or obfuscating, other malicious or non-secure packages. This vulnerability is...

5CVSS1.1AI score0.00366EPSS
Exploits0References3
cve
cve
added 2020/03/23 11:5 p.m.69 views

CVE-2020-5252

CVE-2020-5252 concerns the command-line Python package Safety. Reports describe a low-severity issue where two Python-related characteristics permit a malicious package to poison-pill or obfuscate other packages, allowing bypass of Safety’s detection routines. This is said to occur when Safety ru...

5CVSS4.5AI score0.00366EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2020/03/23 11:5 p.m.16 views

CVE-2020-5252 Malicious package may avoid detection in python auditing

The command-line "safety" package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection routines by disguising, or obfuscating, other malicious or non-secure packages. This vulnerability is...

5CVSS5.2AI score0.00366EPSS
Exploits0References3
attackerkb
attackerkb
added 2020/03/23 12:0 a.m.18 views

CVE-2020-5252

The command-line “safety” package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection routines by disguising, or obfuscating, other malicious or non-secure packages. This vulnerability is...

5CVSS0.7AI score0.00366EPSS
Exploits0References4
thn
thn
added 2019/09/24 6:57 p.m.4 views

[Unpatched] Critical 0-Day RCE Exploit for vBulletin Forum Disclosed Publicly

An anonymous hacker today publicly revealed details and proof-of-concept exploit code for an unpatched, critical zero-day remote code execution vulnerability in vBulletin—one of the widely used internet forum software, The Hacker News has learned. One of the reasons why the vulnerability should b...

9.8CVSS9.3AI score0.99728EPSS
Exploits27
myhack58
myhack58
added 2019/08/13 12:0 a.m.82 views

CVE-2019-10216: ghostscript sandbox bypasses command execution vulnerability alerts-a vulnerability alert-the black bar safety net

2019 Year 8 months 2 days late, Artifex official in ghostscriptf the master branch on the commit merge Bug 701394 repair. Designed to fix CVE-2019-10216 vulnerability. The vulnerability can be directly, bypassing the ghostscript security sandbox, the attacker can read any file or command executio...

0.2AI score0.02295EPSS
Exploits0
nessus
nessus
added 2019/04/29 12:0 a.m.62 views

openSUSE Security Update : ceph (openSUSE-2019-1284)

This update for ceph version 13.2.4 fixes the following issues : Security issues fixed : - CVE-2018-14662: Fixed an issue with LUKS 'config-key' safety bsc1111177 - CVE-2018-10861: Fixed an authorization bypass on OSD pool ops in ceph-mon bsc1099162 - CVE-2018-1128: Fixed signature check bypass i...

8.1CVSS6.3AI score0.03249EPSS
Exploits0References13
kitploit
kitploit
added 2019/01/28 12:45 p.m.184 views

Scanner-Cli - A Project Security/Vulnerability/Risk Scanning Tool

The Hawkeye scanner-cli is a project security, vulnerability and general risk highlighting tool. It is meant to be integrated into your pre-commit hooks and your pipelines. Running and configuring the scanner The Hawkeye scanner-cli assumes that your directory structure is such that it keeps the...

7.6AI score
Exploits0References6
myhack58
myhack58
added 2018/08/17 12:0 a.m.509 views

Zip Slip arbitrary file overwrite vulnerability analysis-vulnerability warning-the black bar safety net

Zip Slip is a widespread arbitrary file overwrite vulnerability, usually leads to remote command execution. The vulnerability affects range greatly: the 1. Affected products: Hewlett-Packard, Amazon, apache, Pivotal, etc.; 2. The affected programming languages: JavaScript, Python, Ruby,. NET, Go,...

7.7AI score
Exploits0
n0where
n0where
added 2017/06/02 4:15 a.m.70 views

Open Source Intelligence Automation: Spiderfoot

Open Source Intelligence Automation SpiderFoot is an open source footprinting tool, available for Windows and Linux. It is written in Python and provides an easy-to-use GUI. SpiderFoot obtains a wide range of information about a target, such as web servers, netblocks, e-mail addresses and more...

0.1AI score
Exploits0
n0where
n0where
added 2017/05/02 4:33 a.m.37 views

x86 to LLVM Bitcode Translation Framework: McSema

x86 to LLVM Bitcode Translation Framework McSema lifts x86 and amd64 binaries to LLVM bitcode modules. McSema support both Linux and Windows binaries, and most x86 and amd64 instructions, including integer, FPU, and SSE operations. McSema is separated into two conceptual parts: control flow...

0.1AI score
Exploits0References6
myhack58
myhack58
added 2017/04/07 12:0 a.m.102 views

Using the memory corruption vulnerability in the Python sandbox escape-vulnerability warning-the black bar safety net

Simply skip the text the author's README, we directly enter into the technical details. The Python environment using a custom whitelist/blacklist programs to prevent access to dangerous built-in functions, modules, functions, etc. Based on theoperating systemthe isolation provides some additional...

8AI score
Exploits0
myhack58
myhack58
added 2016/09/27 12:0 a.m.30 views

Vulnerability is a combination punch--attack of distributed nodes-the vulnerability of early warning-the black bar safety net

Distributed systems mostly rely on the message queue middleware to solve the asynchronous processing, the application of coupled problems such as Message Queuing middleware of choice in turn depends on the overall system design and implementation, message packaging, transmission, processing throu...

Exploits0
myhack58
myhack58
added 2016/07/31 12:0 a.m.32 views

PHP, Python, etc. web applications break the Remote Agent vulnerability: httpoxy-vulnerability warning-the black bar safety net

This is a for PHP, Go, Python, and other languages CGI application vulnerabilities. httpoxy is a series of effects to CGI or the class CGI to run application vulnerability name. Simple to say, it is a name space conflict. RFC 3 8 7 5 (CGI)is defined from the HTTP request to the Proxy head filled...

7.5AI score
Exploits0
myhack58
myhack58
added 2016/06/18 12:0 a.m.464 views

Python urllib HTTP header injection vulnerability-vulnerability warning-the black bar safety net

The Python urllib library in Python 2 for urllib2 in Python 3 to urllib is a HTTP Protocol the following Protocol flow injection vulnerabilities. If an attacker can control the Python code to access an arbitrary URL, or allow Python code to access a malicious web servr, and that this vulnerabilit...

0.3AI score
Exploits0
myhack58
myhack58
added 2016/04/14 12:0 a.m.146 views

Tools recommended: Scanner Routerhunter, the router vulnerability scanner-vulnerability warning-the black bar safety net

! 0×0 0 Preface We will introduce a Automatic mining router vulnerability test tools, it can be automated on the Internet a wide range of search contains a vulnerability in the routing test, further confirmed these vulnerabilities, which relates to the D-link multiple router. The tool is using...

7.8AI score
Exploits0
Rows per page
Query Builder