121 matches found
CVE-2020-5252
The command-line "safety" package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection routines by disguising, or obfuscating, other malicious or non-secure packages. This vulnerability is...
CVE-2020-5252
The command-line "safety" package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection routines by disguising, or obfuscating, other malicious or non-secure packages. This vulnerability is...
Design/Logic Flaw
The command-line "safety" package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection routines by disguising, or obfuscating, other malicious or non-secure packages. This vulnerability is...
PYSEC-2020-101
The command-line "safety" package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection routines by disguising, or obfuscating, other malicious or non-secure packages. This vulnerability is...
PYSEC-2020-101
The command-line "safety" package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection routines by disguising, or obfuscating, other malicious or non-secure packages. This vulnerability is...
CVE-2020-5252
CVE-2020-5252 concerns the command-line Python package Safety. Reports describe a low-severity issue where two Python-related characteristics permit a malicious package to poison-pill or obfuscate other packages, allowing bypass of Safety’s detection routines. This is said to occur when Safety ru...
CVE-2020-5252 Malicious package may avoid detection in python auditing
The command-line "safety" package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection routines by disguising, or obfuscating, other malicious or non-secure packages. This vulnerability is...
CVE-2020-5252
The command-line “safety” package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection routines by disguising, or obfuscating, other malicious or non-secure packages. This vulnerability is...
[Unpatched] Critical 0-Day RCE Exploit for vBulletin Forum Disclosed Publicly
An anonymous hacker today publicly revealed details and proof-of-concept exploit code for an unpatched, critical zero-day remote code execution vulnerability in vBulletin—one of the widely used internet forum software, The Hacker News has learned. One of the reasons why the vulnerability should b...
CVE-2019-10216: ghostscript sandbox bypasses command execution vulnerability alerts-a vulnerability alert-the black bar safety net
2019 Year 8 months 2 days late, Artifex official in ghostscriptf the master branch on the commit merge Bug 701394 repair. Designed to fix CVE-2019-10216 vulnerability. The vulnerability can be directly, bypassing the ghostscript security sandbox, the attacker can read any file or command executio...
openSUSE Security Update : ceph (openSUSE-2019-1284)
This update for ceph version 13.2.4 fixes the following issues : Security issues fixed : - CVE-2018-14662: Fixed an issue with LUKS 'config-key' safety bsc1111177 - CVE-2018-10861: Fixed an authorization bypass on OSD pool ops in ceph-mon bsc1099162 - CVE-2018-1128: Fixed signature check bypass i...
Scanner-Cli - A Project Security/Vulnerability/Risk Scanning Tool
The Hawkeye scanner-cli is a project security, vulnerability and general risk highlighting tool. It is meant to be integrated into your pre-commit hooks and your pipelines. Running and configuring the scanner The Hawkeye scanner-cli assumes that your directory structure is such that it keeps the...
Zip Slip arbitrary file overwrite vulnerability analysis-vulnerability warning-the black bar safety net
Zip Slip is a widespread arbitrary file overwrite vulnerability, usually leads to remote command execution. The vulnerability affects range greatly: the 1. Affected products: Hewlett-Packard, Amazon, apache, Pivotal, etc.; 2. The affected programming languages: JavaScript, Python, Ruby,. NET, Go,...
Open Source Intelligence Automation: Spiderfoot
Open Source Intelligence Automation SpiderFoot is an open source footprinting tool, available for Windows and Linux. It is written in Python and provides an easy-to-use GUI. SpiderFoot obtains a wide range of information about a target, such as web servers, netblocks, e-mail addresses and more...
x86 to LLVM Bitcode Translation Framework: McSema
x86 to LLVM Bitcode Translation Framework McSema lifts x86 and amd64 binaries to LLVM bitcode modules. McSema support both Linux and Windows binaries, and most x86 and amd64 instructions, including integer, FPU, and SSE operations. McSema is separated into two conceptual parts: control flow...
Using the memory corruption vulnerability in the Python sandbox escape-vulnerability warning-the black bar safety net
Simply skip the text the author's README, we directly enter into the technical details. The Python environment using a custom whitelist/blacklist programs to prevent access to dangerous built-in functions, modules, functions, etc. Based on theoperating systemthe isolation provides some additional...
Vulnerability is a combination punch--attack of distributed nodes-the vulnerability of early warning-the black bar safety net
Distributed systems mostly rely on the message queue middleware to solve the asynchronous processing, the application of coupled problems such as Message Queuing middleware of choice in turn depends on the overall system design and implementation, message packaging, transmission, processing throu...
PHP, Python, etc. web applications break the Remote Agent vulnerability: httpoxy-vulnerability warning-the black bar safety net
This is a for PHP, Go, Python, and other languages CGI application vulnerabilities. httpoxy is a series of effects to CGI or the class CGI to run application vulnerability name. Simple to say, it is a name space conflict. RFC 3 8 7 5 (CGI)is defined from the HTTP request to the Proxy head filled...
Python urllib HTTP header injection vulnerability-vulnerability warning-the black bar safety net
The Python urllib library in Python 2 for urllib2 in Python 3 to urllib is a HTTP Protocol the following Protocol flow injection vulnerabilities. If an attacker can control the Python code to access an arbitrary URL, or allow Python code to access a malicious web servr, and that this vulnerabilit...
Tools recommended: Scanner Routerhunter, the router vulnerability scanner-vulnerability warning-the black bar safety net
! 0×0 0 Preface We will introduce a Automatic mining router vulnerability test tools, it can be automated on the Internet a wide range of search contains a vulnerability in the routing test, further confirmed these vulnerabilities, which relates to the D-link multiple router. The tool is using...