309 matches found
Phpvuln - Audit Tool To Find Common Vulnerabilities In PHP Source Code
phpvuln is an open source OWASP penetration testing tool written in Python 3, that can speed up the the process of finding common PHP vulnerabilities in PHP code, i.e. command injection, local/remote file inclusion and SQL injection. Installation You can download phpvuln by cloning the Git...
sar2html 3.2.1 Remote Code Execution
Exploit Title: sar2html 3.2.1 - 'plot' Remote Code Execution Date: 27-12-2020 Exploit Author: Musyoka Ian Vendor Homepage:https://github.com/cemtan/sar2html Software Link: https://sourceforge.net/projects/sar2html/ Version: 3.2.1 Tested on: Ubuntu 18.04.1 !/usr/bin/env python3 import requests...
Updated python3 packages fix security vulnerability
In Python 3 through 3.9.0, the Lib/test/multibytecodecsupport.py CJK codec tests call eval on content retrieved via HTTP CVE-2020-27619...
OnionSearch - A Script That Scrapes Urls On Different .Onion Search Engines
OnionSearch is a Python3 script that scrapes urls on different ".onion" search engines. Prerequisite Python 3 Currently supported Search engines ahmia darksearchio onionland notevil darksearchenginer phobos onionsearchserver torgle onionsearchengine tordex tor66 tormax haystack multivac evosear...
Exploit for CVE-2020-11651
PoC exploit for CVE-2020-11651 and CVE-2020-11652, two vulnerabi...
RedShell - An interactive command prompt that executes commands through proxychains and automatically logs them on a Cobalt Strike team server
An interactive command prompt that executes commands through proxychains and automatically logs them on a Cobalt Strike team server. Installation RedShell runs on Python 3. It also requires a Cobalt Strike client installed on the system where it runs. Install dependencies: pip3 install -r...
Oracle Linux 7 : python3 (ELSA-2020-5010)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5010 advisory. - Avoid infinite loop when reading specially crafted TAR files CVE-2019-20907 Resolves: rhbz1856481 Tenable has extracted the preceding description blo...
freeradius:3.0 security and bug fix update
3.0.20-3 - Require make for proper bootstrap execution, removes post script Resolves: bz1672285 3.0.20-2 - Fix breakage caused by OpenSSL FIPS regression Related: bz1855822 Related: bz1810911 Resolves: bz1672285 3.0.20-1 - Update to FreeRADIUS server version 3.0.20 - Introduce Python 3 support;...
RHEL 8 : python3 (RHSA-2020:4433)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4433 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
[SECURITY] Fedora 32 Update: python27-2.7.18-6.fc32
Python 2 is an old version of the language that is incompatible with the 3.x line of releases. The language is mostly the same, but many details, especi ally how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been...
Oracle Linux 7 : python3 (ELSA-2020-3888)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-3888 advisory. - Security fix for CVE-2020-8492 Resolves: rhbz1810616 - Security fix for CVE-2019-16935 Resolves: rhbz1797999 Tenable has extracted the preceding...
[SECURITY] Fedora 33 Update: python2.7-2.7.18-6.fc33
Python 2 is an old version of the language that is incompatible with the 3.x line of releases. The language is mostly the same, but many details, especi ally how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been...
SpamTitan 7.07 Remote Code Execution
Exploit Title: SpamTitan 7.07 - Remote Code Execution Authenticated Date: 2020-09-18 Exploit Author: Felipe Molina @felmoltor Vendor Homepage: https://www.titanhq.com/spamtitan/spamtitangateway/ Software Link: https://www.titanhq.com/signup/?producttype=spamtitangateway Version: 7.07 Tested on:...
Tiandy IPC and NVR 9.12.7 - Credential Disclosure
Exploit Title: Tiandy IPC and NVR 9.12.7 - Credential Disclosure Date: 2020-09-10 Exploit Author: zb3 Vendor Homepage: http://en.tiandy.com Product Link: http://en.tiandy.com/index.php?s=/home/product/index/category/products.html Software Link:...
Tiandy IPC / NVR 9.12.7 Credential Disclosure
Exploit Title: Tiandy IPC and NVR 9.12.7 - Credential Disclosure Date: 2020-09-10 Exploit Author: zb3 Vendor Homepage: http://en.tiandy.com Product Link: http://en.tiandy.com/index.php?s=/home/product/index/category/products.html Software Link:...
Bluescan - A Powerful Bluetooth Scanner For Scanning BR/LE Devices, LMP, SDP, GATT And Vulnerabilities!
Bluescan is a open source project by Sourcell Xu from DBAPP Security HatLab. Anyone may redistribute copies of bluescan to anyone under the terms stated in the GPL-3.0 license. This document is also available in Chinese. See README-Chinese.md Aren't the previous Bluetooth scanning tools scattered...
Exploit for Path Traversal in F5 Big-Ip_Access_Policy_Manager
CVE-2020-5902-Scanner Automated F5 Big IP Remote Code Executio...
Fedora: Security Advisory for python3-docs (FEDORA-2020-c3b07cc5c9)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 32 Update: python3-docs-3.8.5-1.fc32
The python3-docs package contains documentation on the Python 3 programming language and interpreter...
[SECURITY] Fedora 32 Update: python27-2.7.18-2.fc32
Python 2 is an old version of the language that is incompatible with the 3.x line of releases. The language is mostly the same, but many details, especi ally how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been...