978 matches found
CVE-2023-47204
Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code...
CVE-2023-47204
Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code...
transmute-core security vulnerability
transmute-core is a library for building API generators for Python webframeworks. A security vulnerability exists in versions of transmute-core prior to 1.13.5, which stems from the presence of insecure YAML deserialization and allows attackers to execute arbitrary Python code...
Oracle Linux 7 : python-reportlab (ELSA-2023-5616)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5616 advisory. 2.5-11 - Do not evaluate unichar element - Resolves: RHEL-7011 Tenable has extracted the preceding description block directly from the Oracle Linux security...
GHSA-GJJR-63X4-V8CQ langchain_experimental vulnerable to arbitrary code execution via PALChain in the python exec method
langchainexperimental aka LangChain Experimental in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via import in Python code, which is not prohibited by palchain/base.py...
Presto JDBC Server-Side Request Forgery by nextUri
Summary Presto JDBC is vulnerable to Server-Side Request Forgery SSRF when connecting a remote Presto server. An attacker can modify the nextUri parameter to internal server in response content that Presto JDBC client will request next and view sensitive information from highly sensitive internal...
GHSA-PJ98-2XF6-CFF5 ReportLab vulnerable to remote code execution via paraparser
paraparser in ReportLab before 3.5.31 allows remote code execution because startunichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with 'unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626...
Remote code execution
paraparser in ReportLab before 3.5.31 allows remote code execution because startunichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with 'unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626...
Remote Code Execution
ethyca-fides is vulnerable to Arbitrary Code Execution. The vulnerability is due to certain API clients who have a special level of permission called "CONNECTORTEMPLATEREGISTER." In the Fides Admin interface one can upload a zip file with arbitrary python code and can execute it. Exploitation is...
GHSA-P6P2-QQ95-VQ5H Remote Code Execution in Custom Integration Upload
Impact The Fides webserver API allows custom integrations to be uploaded as a ZIP file. This ZIP file must contain YAML files, but Fides can be configured to also accept the inclusion of custom Python code in it. The custom code is executed in a restricted, sandboxed environment, but the sandbox...
CVE-2023-41050 Information disclosure through Python's "format" functionality in Zope AccessControl
AccessControl provides a general security framework for use in Zope. Python's "format" functionality allows someone controlling the format string to "read" objects accessible recursively via attribute access and subscription from accessible objects. Those attribute accesses and subscriptions use...
CVE-2023-41319 Remote Code Execution in Custom Integration Upload in Fides
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows custom integrations to be uploaded as a ZIP file. This ZIP file must contain YAML...
CVE-2023-41319 Remote Code Execution in Custom Integration Upload in Fides
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows custom integrations to be uploaded as a ZIP file. This ZIP file must contain YAML...
CVE-2023-41319 Remote Code Execution in Custom Integration Upload in Fides
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows custom integrations to be uploaded as a ZIP file. This ZIP file must contain YAML...
General Device Manager 2.5.2.2 - Buffer Overflow (SEH) Exploit
Exploit Title: General Device Manager 2.5.2.2 - Buffer Overflow SEH Software Link: https://download.xm030.cn/d/MDAwMDA2NTQ= Software Link 2: https://www.maxiguvenlik.com/uploads/importfiles/GeneralDeviceManager.zip Exploit Author: Ahmet Ümit BAYRAM Tested Version: 2.5.2.2 Tested on: Windows 10...
RaidenFTPD 2.4.4005 - Buffer Overflow (SEH) Exploit
Exploit Title: RaidenFTPD 2.4.4005 - Buffer Overflow SEH Exploit Author: Andre Nogueira Vendor Homepage: https://www.raidenftpd.com/en/ Software Link: http://www.raidenmaild.com/download/raidenftpd2.exe Version: RaidenFTPD 2.4.4005 Tested on: Microsoft Windows 10 Build 19045 1.- Open RaidenFTPD 2...
Information Disclosure
agpt is vulnerable to Information Disclosure. The vulnerability exists because it does not properly restrict writing to the docker-compose.yml, which allows an attacker to inject malicious custom Python code into the system the next time the docker container is run by overwriting the compose file...
RaidenFTPD 2.4.4005 - Buffer Overflow (SEH)
Exploit Title: RaidenFTPD 2.4.4005 - Buffer Overflow SEH Date: 18/07/2023 Exploit Author: Andre Nogueira Vendor Homepage: https://www.raidenftpd.com/en/ Software Link: http://www.raidenmaild.com/download/raidenftpd2.exe Version: RaidenFTPD 2.4.4005 Tested on: Microsoft Windows 10 Build 19045 1.-...
Design/Logic Flaw
Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. Running Auto-GPT version prior to 0.4.3 by cloning the git repo and executing docker compose run auto-gpt in the repo root uses a different docker-compose.yml file from the one suggested i...
CVE-2023-37274 Python code execution sandbox escape in non-docker version in Auto-GPT
Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. When Auto-GPT is executed directly on the host system via the provided run.sh or run.bat files, custom Python code execution is sandboxed using a temporary dedicated docker container which...