978 matches found
CVE-2017-10803
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated privileged users to execute arbitrary Python code, because unpickle is used...
CVE-2017-10803
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated privileged users to execute arbitrary Python code, because unpickle is used...
CVE-2017-10803
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated privileged users to execute arbitrary Python code, because unpickle is used...
Odoo CRM 10.0 - Code Execution
Odoo CRM 10.0 - Code Execution Vulnerability Summary The following advisory describe arbitrary Python code execution found in Odoo CRM version 10.0 Odoo is a suite of open source business apps that cover all your company needs: CRM, eCommerce, accounting, inventory, point of sale, project...
Code injection
An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of "plugin/controllers/models/config.py" performs an eval call on the contents of the "key" HTTP GET parameter. This allows an unauthenticated remote attacker to execute arbitrary Python cod...
CVE-2017-9807
An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of "plugin/controllers/models/config.py" performs an eval call on the contents of the "key" HTTP GET parameter. This allows an unauthenticated remote attacker to execute arbitrary Python cod...
CVE-2017-9807
An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of "plugin/controllers/models/config.py" performs an eval call on the contents of the "key" HTTP GET parameter. This allows an unauthenticated remote attacker to execute arbitrary Python cod...
Remote Code Execution (RCE)
Tablib is vulnerable to remote code execution RCE. These attacks are possible because untrusted data is deserialized allowing attacks to execute python code...
CVE-2015-6531
Palo Alto Networks Panorama VM Appliance with PAN-OS before 6.0.1 might allow remote attackers to execute arbitrary Python code via a crafted firmware image file...
CVE-2015-6531
Palo Alto Networks Panorama VM Appliance with PAN-OS before 6.0.1 might allow remote attackers to execute arbitrary Python code via a crafted firmware image file...
Cloudflare-scrape Arbitrary Code Execution Vulnerability
cloudflare-scrape is a Python module for bypassing Cloudflare's bot pages. A security vulnerability exists in cloudflare-scrape versions 1.6.6 through 1.7.1. An attacker can exploit the vulnerability to execute arbitrary Python code with the help of a malicious page...
CVE-2017-7235
An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A malicious website owner could craft a page that executes arbitrary Python code against any cfscrape user who scrapes that website. This is fixed in 1.8.0...
Apport Arbitrary Code Execution Vulnerability
Ubuntu is a desktop-oriented GNU/Linux operating system developed by Canonical and the Ubuntu Foundation, and Apport is a toolkit that collects and provides feedback on errors information that the operating system finds useful when an application crashes. A security vulnerability exists in versio...
ntop-ng 2.5.160805 Username Enumeration
Exploit title: ntopng user enumeration Author: Dolev Farhi Contact: dolevf at protonmail.com Date: 04-08-2016 Vendor homepage: ntop.org Software version: v.2.5.160805 !/usr/env/python import os import sys import urllib import urllib2 import cookielib server = 'ip.add.re.ss' username = 'ntopng-use...
Immunity Canvas: APPORT_CRASH_HANDLER
Name| apportcrashhandler ---|--- CVE| CVE-2016-9949 Exploit Pack| CANVAS Description| Ubuntu Apport Crash Handler RCE Notes| CVE Name: CVE-2016-9949 Vendor: Ubuntu Notes: This module creates a crafted Apport crash file report that seems to be a simple text file. When the text file is double click...
CVE-2016-9949
An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "". This allows remote attackers to execute arbitrary Python code...
Code injection
An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "". This allows remote attackers to execute arbitrary Python code...
CVE-2016-9949
An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "". This allows remote attackers to execute arbitrary Python code...
CVE-2016-9949
An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "". This allows remote attackers to execute arbitrary Python code...
Ubuntu 14.04 LTS / 16.04 LTS : Apport vulnerabilities (USN-3157-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3157-1 advisory. Donncha O Cearbhaill discovered that the crash file parser in Apport improperly treated the CrashDB field as python code. An attacker could u...