106 matches found
SUSE: Security Advisory (SUSE-SU-2024:0319-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Improper input validation leads to arbitrary file deletion
Description The /process endpoint of the python API in collector/api.py exposes an endpoint waiting for a POST request with a parameter named filename : py @api.route"/process", methods="POST" def processfile: content = request.json targetfilename = content.get"filename" printf"Processing...
SQLFluff users with access to config file, using `libary_path` may call arbitrary python code
Impact In environments where untrusted users have access to the config files e.g. .sqlfluff, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. Jinja macros are executed within a sandboxed...
DEBIAN-CVE-2023-36830
SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. For many users wh...
CVE-2023-36830
SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. For many users wh...
PYSEC-2023-111
SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. For many users wh...
PYSEC-2023-111
SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. For many users wh...
CVE-2023-36830 SQLFluff vulnerability for users with access to config file, using `library_path` to call arbitrary python code.
SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. For many users wh...
CVE-2023-36830 SQLFluff vulnerability for users with access to config file, using `library_path` to call arbitrary python code.
SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. For many users wh...
CVE-2023-36830
SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. For many users wh...
OFRAK - Unpack, Modify, And Repack Binaries
OFRAK Open Firmware Reverse Analysis Konsole is a binary analysis and modification platform. OFRAK combines the ability to: Identify and Unpack many binary formats Analyze unpacked binaries with field-tested reverse engineering tools Modify and Repack binaries with powerful patching strategies...
AutoResponder - Carbon Black Response IR Tool
What is it? AutoResponder is a tool aimed to help people to carry out their Incident Response tasks WITH the help of Carbon Black Response's awesome capabilities and WITHOUT much bothering IT/System/Network Teams What can it do? Module | ✔️ / ❌ ---|--- Delete Files | ✔️ Delete Registry Values | ✔️...
numpy: buffer overflow in the PyArray_NewFromDescr_int() in ctors.c
A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArrayNewFromDescrint function of ctors.c when specifying arrays of large dimensions over 32 from Python code, which could let a malicious user cause a Denial of Service. NOTE: The vendor does not agree this is a vulneraility; In very...
Shreder - A Powerful Multi-Threaded SSH Protocol Password Bruteforce Tool
Shreder is a powerful multi-threaded SSH protocol password brute-force tool. Features Very fast password guessing, just one password in 0.1 second. Optimized for big password lists, Shreder tries 1000 passwords in 1 minute and 40 seconds. Simple CLI and API usage. Installation pip3 install...
[SECURITY] Fedora 33 Update: librepo-1.12.1-1.fc33
A library providing C and Python libcURL like API to downloading reposito ry metadata...
Multiscanner - Modular File Scanning/Analysis Framework
MultiScanner is a file analysis framework that assists the user in evaluating a set of files by automatically running a suite of tools for the user and aggregating the output. Tools can be custom built Python scripts, web APIs, software running on another machine, etc. Tools are incorporated by...
MemProcFS - The Memory Process File System
The Memory Process File System is an easy and convenient way of accessing physical memory as files a virtual file system. Easy trivial point and click memory analysis without the need for complicated commandline arguments! Access memory content and artifacts via files in a mounted virtual file...
Spyse.Py - Python API Wrapper And Command-Line Client For The Tools Hosted On Spyse.Com
Python API wrapper and command-line client for the tools hosted on spyse.com. "Spyse is a developer of complete DAAS Data-As-A-Service solutions for Internet security professionals, corporate and remote system administrators, SSL / TLS encryption certificate providers, data centers and business...
UPDATE: Ostinato 0.9!
PenTestIT RSS Feed This tool came to my rescue yet again today! If you remember, I had blogged about this tool in my older post titled - Ostinato: The Network Traffic Generator and Analyzer! As always, before using any tool I tried to update it and there it was - Ostinato 0.9. This update was...
[SECURITY] Fedora 29 Update: libdnf-0.26.0-1.fc29
A Library providing simplified C and Python API to libsolv...