ipPulse 1.92 - 'IP Address/HostName-Comment' Denial of Service (PoC)
Exploit Title: ipPulse 1.92 - 'IP Address/HostName-Comment' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2018-07-27 Vendor Homepage: https://www.netscantools.com/ippulseinfo.html Software Link : http://download.netscantools.com/ipls192.zip Tested Version: 1.92 Vulnerability...
QNap QVR Client 5.1.1.30070 - Password Denial of Service #PoC Exploit
Exploit for windows platform in category dos / poc Exploit Title: QNap QVR Client 5.1.1.30070 - 'Password' Denial of Service PoC Discovery by: Luis Martínez Vendor Homepage: https://www.qnapsecurity.com/n/en/ Software Link : http://download.qnap.com/Surveillance/QVRClient/Qmon5.1.1.30070.zip Test...
QNap QVR Client 5.1.1.30070 - 'Password' Denial of Service (PoC)
Exploit Title: QNap QVR Client 5.1.1.30070 - 'Password' Denial of Service PoC Discovery by: Luis Martínez Discovery Date: 2018-07-26 Vendor Homepage: https://www.qnapsecurity.com/n/en/ Software Link : http://download.qnap.com/Surveillance/QVRClient/Qmon5.1.1.30070.zip Tested Version: 5.1.1.30070...
GHSA-PVHP-V9QP-XF5R Django-piston and Django-tastypie do not properly deserialize YAML data
emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method. Django Tastypie has a very similar vulnerability...
CVE-2018-7889
gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call...
SAP BusinessObjects launch pad - Server-Side Request Forgery
Exploit Title: SAP BusinessObjects launch pad SSRF Date: 2017-11-8 Exploit Author: Ahmad Mahfouz Category: Webapps Author Homepage: www.unixawy.com Description: Design Error in SAP BusinessObjects launch pad leads to SSRF attack #!/usr/bin/env python SAP BusinessObjects launch pad SSRF Timing Atta...
w3af - Web Application Attack and Audit Framework
w3af is an open source web application security scanner which helps developers and penetration testers identify and exploit vulnerabilities in their web applications. The scanner is able to identify 200+ vulnerabilities, including Cross-Site Scripting, SQL injection and OS commanding. Identify an...
Arbitrary Code Execution
owlmixin is vulnerable to arbitrary code execution attacks. It does not use the safe_load method to parse YAML in the parseyamlquery method of parser.py, allowing the attacker to load any malicious Python code to the YAML parser...
Arbitrary Code Execution
pyanyapi is vulnerable to arbitrary code execution attacks. It does not use the safe_load method to parse YAML in the parseyamlquery method of parser.py, allowing the attacker to load any malicious Python code to the YAML parser...
PHPMailer 5.2.21 Local File Disclosure
Exploit Title: PHPMailer SetFrom$POST"your-email", $POST"your-name"; $address = "admin@localhost"; $mail-AddAddress$address, "root"; if isset$POST'cc' $mail-AddCC$POST"your-email", $POST"your-name"; $mail-Subject = "PHPMailer MsgHTML$POST"your-message"; if!$mail-Send echo "Error: ".$mail-ErrorInf...
PHPMailer 5.2.21 - Local File Disclosure
PHPMailer 5.2.21 - Local File Disclosure Exploit Title: PHPMailer SetFrom$POST"your-email", $POST"your-name"; $address = "admin@localhost"; $mail-AddAddress$address, "root"; if isset$POST'cc' $mail-AddCC$POST"your-email", $POST"your-name"; $mail-Subject = "PHPMailer MsgHTML$POST"your-message";...
LaZagne v2.2 - Credentials Recovery Project
The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext, APIs, custom algorithms, databases, etc.). This tool has been developed for the purpose of finding these passwor...
Remote Code Execution (RCE)
ansible-vault is vulnerable to remote code execution (RCE) attacks. The application uses the unsafe yaml.load method to deserialize YAML files, allowing a malicious user to inject and execute arbitrary Python code...
Microsoft Windows - LNK Shortcut File Code Execution Exploit
Exploit for Windows platform in category local exploits #!/usr/bin/python # -*- coding: utf-8 -*- Title : CVE-2017-8464 | LNK Remote Code Execution Vulnerability CVE : 2017-8464 Authors : ykoster, nixawk Notice : Only for educational purposes. Support : python2 import struct def generateSHELLLINKHEADE...
Windows SMB Zero Day to Be Disclosed During DEF CON
LAS VEGAS—A 20-year-old Windows SMB vulnerability is expected to be disclosed Saturday during a talk at DEF CON. Microsoft has said it will not patch the vulnerability, which allows an attacker to remotely crash a Windows server with relative ease using only 20 lines of Python code and a Raspberr...
Lepide Auditor Suite - createdb() Web Console Database Injection Remote Code Execution
Lepide Auditor Suite - createdb Web Console Database Injection Remote Code Execution #!/usr/bin/python """ Lepide Auditor Suite createdb Web Console Database Injection Remote Code Execution Vulnerability Vendor: http://www.lepide.com/ File: lepideauditorsuite.zip SHA1:...
Database Anonymization Arbitrary Code Execution Vulnerability in Multiple Odoo Products
Odoo (formerly OpenERP) is an Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) system from the Belgian company Odoo; Odoo Community Edition is its community edition and Odoo Enterprise Edition is its enterprise edition. Database Anonymization module...
CVE-2017-10803
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated privileged users to execute arbitrary Python code, because unpickle is used...