43 matches found
MEGABOT Discord Bot 安全漏洞
MEGABOT Discord Bot is a fully customized Discord bot by Nic Jones personal developer. It is used for learning and entertainment. A security vulnerability exists in MEGABOT Discord Bot versions prior to 1.5.0, which stems from the presence of a remote code execution issue that allows an attacker ...
CVE-2024-6891
Attackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow...
CVE-2024-6891
Attackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow...
CVE-2024-6891 Journyx Authenticated Remote Code Execution
Attackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow...
PT-2024-37932 · Journyx · Journyx
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: Attackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow. This issue allows for the...
Code injection
IBM AIX's 7.3 Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service. IBM X-Force ID: 267965...
Code injection
The d8s-utility for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0...
Netsweeper WebAdmin unixlogin.php Python Code Injection
This module exploits a Python code injection in the Netsweeper WebAdmin component's unixlogin.php script, for versions 6.4.4 and prior, to execute code as the root user. Authentication is bypassed by sending a random whitelisted Referer header in each request. Tested on the CentOS Linux-based...
Code injection
Python keyring lib before 0.10 created keyring files with world-readable permissions...
CVE-2019-17526
An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary commands on the underlying operating system, as demonstrated by an import'os'.popen'whoami'.read...
CVE-2019-17526
SageMath Sage Cell Server is affected by a Python code injection vulnerability (CVE-2019-17526) in internet-facing web applications, demonstrated by import ('os').popen('whoami').read(). The issue is described across multiple sources (NVD, Red Hat, CNVD, Veracode, CVE list, etc.) as allowing arbi...
CVE-2019-17526
An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary commands on the underlying operating system, as demonstrated by an import'os'.popen'whoami'.read...
PT-2019-15185 · Sagemath · Sagemath Sage Cell Server
Name of the Vulnerable Software and Affected Versions: SageMath Sage Cell Server versions prior to 2019-10-05 Description: An issue in SageMath Sage Cell Server allows Python Code Injection, enabling malicious actors to execute arbitrary commands on the underlying operating system. This can be...
blueman - set_dhcp_handler D-Bus Privilege Escalation Exploit
Exploit for linux platform in category local exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'blueman setdhcphandler D-Bus Privilege Escalation', 'Description' = %q This module attempts...
blueman - set_dhcp_handler D-Bus Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'blueman setdhcphandler D-Bus Privilege Escalation', 'Description' = %q This module attempts to gain root privileges by exploiting a Python code...
CVE-2018-16168
LogonTracer 1.2.0 and earlier allows remote attackers to conduct Python code injection attacks via unspecified vectors...
CVE-2018-16168
LogonTracer 1.2.0 and earlier allows remote attackers to conduct Python code injection attacks via unspecified vectors...
Unspecified Vulnerability in Green Electronics RainMachine Mini-8 (CNVD-2019-28250)
The Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler from Green Electronics USA. A security vulnerability exists in the 'Weather Service' feature in the Green Electronics RainMachine Mini-8 2nd generation. The vulnerability can be exploited to inject arbitrary Python code via...
CVE-2018-6012
The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 2nd generation allows an attacker to inject arbitrary Python code via the 'Add new weather data source' upload function...
CVE-2018-6012
The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 2nd generation allows an attacker to inject arbitrary Python code via the 'Add new weather data source' upload function...