Design/Logic Flaw

LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrar...

Exploit for Injection in Oracle Agile_Plm

CNTA-2019-0014-CVE-2019-2725 Disclaimer: This tool...

CVE-2019-7537

An issue was discovered in Donfig 0.3.0. There is a vulnerability in the collectyaml method in configobj.py. It can execute arbitrary Python commands, resulting in command execution...

PYSEC-2019-21

An issue was discovered in Donfig 0.3.0. There is a vulnerability in the collectyaml method in configobj.py. It can execute arbitrary Python commands, resulting in command execution...

PYSEC-2019-91

An issue was discovered in Donfig 0.3.0. There is a vulnerability in the collectyaml method in configobj.py. It can execute arbitrary Python commands, resulting in command execution...

Fedora 28 : uwsgi (2018-acfce682f4)

Fix building in Rawhide 1556525 Jakub Jelen - Disable tcpwrappers for Fedora 28 and newer Jakub Jelen --- - Modernize and generalize building of Python subpackages : - replace python with python2 - use appropriate macros for when refering to Python 3 - prefix Python-dependent plugins with the...

CVE-2018-20325

There is a vulnerability in load method in definitions/parser.py in the Danijar Hafner definitions package for Python. It can execute arbitrary python commands resulting in command execution...

Tablib: Arbitrary command execution

Background Tablib is an MIT Licensed format-agnostic tabular dataset library, written in Python. It allows you to import, export, and manipulate tabular data sets. Description A vulnerability was discovered in Tablib’s Databook loading functionality, due to improper input validation. Impact A...

CVE-2017-16763

An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An...

CVE-2017-16764

An exploitable vulnerability exists in the YAML parsing functionality in the readyamlfile method in ioutils.py in djangomakeapp 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability...

PYSEC-2017-79

An exploitable vulnerability exists in the YAML parsing functionality in the readyamlfile method in ioutils.py in djangomakeapp 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability...

MLAlchemy Command Execution Vulnerability

MLAlchemy is a Python based open source utility library that converts YAML/JSON to SQLAlchemy SELECT queries. A security vulnerability exists in the YAML parsing functionality of the parseyamlquery method of the arser.py file in versions of MLAlchemy prior to 0.2.2. An attacker can exploit this...

CVE-2017-16618

An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file aka loadyaml or loadyamlf can execute arbitrary Python commands resulting in command execution because load is used where safeload should have been used. An...

PYSEC-2017-19

An exploitable vulnerability exists in the YAML parsing functionality in the parseyamlquery method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because load is used where...

PYSEC-2017-22

An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file aka loadyaml or loadyamlf can execute arbitrary Python commands resulting in command execution because load is used where safeload should have been used. An...

Command injection

Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya 6.5 and 7.0 allow remote attackers to execute arbitrary code via a 1 .ma or 2 .mb file that uses the Maya Embedded Language MEL python command or unspecified other MEL commands, related to "Script Nodes."...

CVE-2009-3578

Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya 6.5 and 7.0 allow remote attackers to execute arbitrary code via a 1 .ma or 2 .mb file that uses the Maya Embedded Language MEL python command or unspecified other MEL commands, related to "Script Nodes."...

GNU Emacs 'python.el'代码执行漏洞

BUGTRAQ ID: 31052 CNCAN ID：CNCAN-2008091008 Emacs是一款可扩展的实时显示编辑器。 GNU Emacs不正确处理Python脚本，本地攻击者可以利用漏洞以应用程序权限执行任意代码。 GNU Emacs命令run-python'启动交互的Python解析器，在Python启动后，Emacs自动发送： import emacs 用于导入Emacs分发的emacs.py脚本，这个脚本一般位于包含其他Emacs程序文件的写保护的安装目录中，定义各种函数帮助Python与Emacs通信处理。...