CVE-2020-15348
CVE-2020-15348 affects Zyxel CloudCNM SecuManager (versions 3.1.0 and 3.1.1). The issue is a Python code injection vulnerability exposed through the endpoint live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids=, enabling remote code execution. Multiple connected sources corroborate that ...
Frigate 2.02 - Denial Of Service (PoC)
Exploit Title: Frigate 2.02 - Denial Of Service PoC Vendor Homepage: http://www.frigate3.com/ Software Link Download: http://www.frigate3.com/download/Frigate2.exe Exploit Author: Paras Bhatia Discovery Date: 2020-06-22 Vulnerable Software: Frigate Version: 2.02 Vulnerability Type: Denial of...
Code Blocks 17.12 - 'File Name' Local Buffer Overflow (Unicode) (SEH) (PoC)
Exploit Title: Code Blocks 17.12 - 'File Name' Local Buffer Overflow Unicode SEH PoC Vendor Homepage: http://www.codeblocks.org/ Software Link Download: https://sourceforge.net/projects/codeblocks/files/Binaries/17.12/Windows/codeblocks-17.12-setup.exe/download Exploit Author: Paras Bhatia...
Plex Media Server < 1.19.3 Authenticated RCE
According to its self-reported version number, the version of Plex Media Server installed on the remote Windows host is prior to 1.19.3. It is, therefore, affected by an authenticated remote code execution vulnerability in the camera upload feature. An authenticated, remote attacker can exploit...
Frigate 3.36.0.9 Local Buffer Overflow
Exploit Title: Frigate 3.36.0.9 - 'Command Line' Local Buffer Overflow SEH PoC Vendor Homepage: http://www.frigate3.com/ Software Link Download: http://www.frigate3.com/download/frigate3pro.exe Exploit Author: Paras Bhatia Discovery Date: 2020-06-07 Vulnerable Software: Frigate Version: "Command...
CVE-2020-13388
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used...
Design/Logic Flaw
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used...
CVE-2020-13144
Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New course > New section > New subsection > New unit > Add new component > Problem button > Advanced tab > Custom Python evaluated code" screen, edit the problem, and execute Python code. This leads to arbitrary code...
Netsweeper WebAdmin unixlogin.php Python Code Injection
This module exploits a Python code injection in the Netsweeper WebAdmin component's unixlogin.php script, for versions 6.4.4 and prior, to execute code as the root user. Authentication is bypassed by sending a random whitelisted Referer header in each request. Tested on the CentOS Linux-based...
Plex Media Server < 1.19.3 RCE Vulnerability
Plex Media Server is prone to an authenticated remote code execution (RCE) vulnerability.
CVE-2020-5741
Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code...
CVE-2020-5741
Plex Media Server on Windows prior to version 1.19.3 is affected by CVE-2020-5741: an authenticated attacker can trigger unsafe Python pickle deserialization (Dict file) during camera-upload related processing, leading to remote code execution as the OS user who runs Plex. Public references descr...
CVE-2020-5741
Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code. Recent assessments: zeroSteiner at November 11, 2020 6:24pm UTC reported: A vulnerability exists within Plex that allows an authenticated attacker to submit...
PT-2020-6851 · Plex · Plex Media Server
Name of the Vulnerable Software and Affected Versions: Plex Media Server affected versions not specified Description: The issue concerns the deserialization of untrusted data in Plex Media Server, allowing a remote, authenticated attacker to execute arbitrary Python code. This can be exploited by...
Plex Media Server Input Validation Error Vulnerability
Plex Media Server is a media player and media server software. A security vulnerability exists in Plex Media Server Windows that stems from faulty access control. A local attacker can exploit the vulnerability to execute arbitrary Python code with SYSTEM privileges...
Input validation
Improper Input Validation in Plex Media Server on Windows allows a local, unauthenticated attacker to execute arbitrary Python code with SYSTEM privileges...
CVE-2020-5740
Improper Input Validation in Plex Media Server on Windows allows a local, unauthenticated attacker to execute arbitrary Python code with SYSTEM privileges...
CVE-2020-5740
Plex Media Server (Windows) is affected by CVE-2020-5740 due to improper input validation. The vulnerability allows a local, unauthenticated attacker to execute arbitrary Python code with SYSTEM privileges through the Plex update service/related input handling. This is a local privilege-escalatio...