978 matches found
SUSE CVE-2007-1253
Eval injection vulnerability in the (a) kmzImportWithMesh.py Script for Blender 0.1.9h, as used in (b) Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted (1) KML or (2) KMZ file...
SUSE CVE-2008-6954
The web interface CobblerWeb in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules...
MAL-2023-2124 Malicious code in python-inance (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx c0001fcdc94573a491859eca78992119ed328ccaecbcb75088ffeee57a08153d Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...
MP3 Convert Lord V1.0 Local Seh Exploit
Exploit Title: MP3 Convert Lord V1.0 Local Seh Exploit Date: 06.01.2023 Vendor Homepage: http://www.avlord.com/ Software Link: https://www.softpedia.com/dyn-postdownload.php/baa965c6b5d22d62987a4638f33d5ec1/63b86eb2/3ecb/4/2 Exploit Author: Achilles Tested Version: 1.0 Tested on: Windows 7 x64 1....
Design/Logic Flaw
Omniverse Kit contains a vulnerability in the reference applications Create, Audio2Face, Isaac Sim, View, Code, and Machinima. These applications allow executable Python code to be embedded in Universal Scene Description USD files to customize all aspects of a scene. If a user opens a USD file th...
CVE-2022-42268
Omniverse Kit contains a vulnerability in the reference applications Create, Audio2Face, Isaac Sim, View, Code, and Machinima. These applications allow executable Python code to be embedded in Universal Scene Description USD files to customize all aspects of a scene. If a user opens a USD file th...
CVE-2022-42268
The CVE-2022-42268 issue affects NVIDIA Omniverse Kit components (Audio2Face, Create, Isaac Sim, View, Code, Machinima). A vulnerability allows executable Python code embedded in USD files to run with the user’s privileges when opened, enabling information disclosure, data tampering, and denial o...
ChatGPT-Written Malware
I don't know how much of a thing this will end up being, but we are seeing ChatGPT-written malware in the wild. …within a few weeks of ChatGPT going live, participants in cybercrime forums--some with little or no coding experience--were using it to write software and emails that could be used fo...
Security Bulletin: NVIDIA Omniverse Kit - January 2023
NVIDIA has released a software update for NVIDIA Omniverse™ Kit to address a security issue that may lead to code execution, information disclosure, data tampering, and denial of service. To protect your system, open the Omniverse Launcher and apply the appropriate update. Go to NVIDIA Product...
GoGo CD Ripper V1.4.9 Denial of Service Exploit
Exploit Title: GoGo CD Ripper V1.4.9 Denial of Service Exploit Date: 30.12.2022 Vendor Homepage: https://cd-mp3.org/ Software Link: https://download.cnet.com/Gogo-CD-To-MP3-Ripper/3001-21404-10330843.ht Exploit Author: Achilles Tested Version: v1.4.9 Tested on: Windows 7 x64 1.- Run python code...
What’s My Name Again? Reolink camera command injection
TL;DR Research on Reolink’s RLC-520A smart motion detection camera has turned up an authenticated command injection vulnerability. Exploiting this vulnerability with an injected system command can render the device useless. Introduction The camera is vulnerable to an authenticated command injecti...
Zapier Security Vulnerability
Zapier is a product of Zapier, Inc. that allows end users to integrate the Web applications they use and automate workflows. A security vulnerability exists in versions of Zapier prior to 2022-08-17 that stems from code written to allow in-account privilege escalation. An attacker exploited the...
Code injection
The d8s-utility for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0...
PYSEC-2022-43106
The d8s-dicts for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0...
CVE-2022-38885
The d8s-netstrings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...
PT-2022-23189 · Xwiki · Xwiki Platform Wiki Ui Main Wiki
Name of the Vulnerable Software and Affected Versions: XWiki Platform Wiki UI Main Wiki versions 5.3-milestone-2 through 13.10.5 XWiki Platform Wiki UI Main Wiki versions 5.3-milestone-2 through 14.3 Description: It's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity...
CVE-2022-35871
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 b2022030114. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authenticateAdSso method. The issue results from th...
CVE-2022-35871
Inductive Automation Ignition 8.1.15 (b2022030114) is affected by CVE-2022-35871. The flaw is in the authenticateAdSso method, where lack of authentication allows executing Python code, potentially running as SYSTEM. This is a remote-exploitable issue without required authentication. Connected so...