82 matches found

Positive Technologies
added 2026/05/07 12:0 a.m. · 6 views

PT-2026-38418

Name of the Vulnerable Software and Affected Versions: Open Notebook version 1.8.3 Description: Insufficient user input sanitization allows an application user to perform Server-Side Template Injection (SSTI), a flaw where an attacker can inject malicious templates into a server-side engine. This...

CVSS 10 · AI score 6 · EPSS 0.00101
Exploits 0 · References 8

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2017-0101

Malware in sbrugna...

CVSS 9.8 · AI score 9.3 · EPSS 0.0119
Exploits 0 · References 9

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2017-0134

Malware in sbrugna...

CVSS 9.8 · AI score 8.5 · EPSS 0.01427
Exploits 2 · References 9

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2017-0023

Malware in sbrugna...

CVSS 9.8 · AI score 9.2 · EPSS 0.03068
Exploits 1 · References 7

Tenable Nessus
added 2025/08/27 12:0 a.m. · 1 views

Linux Distros Unpatched Vulnerability : CVE-2020-13124

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in the web configuration interface that permits an authenticated user to execute arbitrary...

CVSS 8.8 · AI score 7.6 · EPSS 0.09776
Exploits 0 · References 2

RedhatCVE
added 2025/05/22 4:15 p.m. · 5 views

CVE-2020-13124

SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in the web configuration interface that permits an authenticated user to execute arbitrary Python commands on the underlying operating system...

CVSS 8.8 · AI score 7.9 · EPSS 0.09776
Exploits 0

Tenable Nessus
added 2023/09/27 12:0 a.m. · 25 views

Amazon Linux 2 : libreoffice (ALASLIBREOFFICE-2023-002)

The version of libreoffice installed on the remote host is prior to 5.3.6.1-21. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2LIBREOFFICE-2023-002 advisory. LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on vario...

CVSS 9.8 · AI score 8.1 · EPSS 0.85077
Exploits 6 · References 16

Amazon
added 2023/09/25 12:0 a.m. · 2 views

Important: libreoffice

Issue Overview: LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into...

CVSS 9.8 · AI score 7.5 · EPSS 0.92343
Exploits 12

Tenable Nessus
added 2023/09/07 12:0 a.m. · 25 views

Oracle Linux 8 : libreoffice (ELSA-2020-1598)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1598 advisory. - Resolves: rhbz1743958 CVE-2019-9849, etc. Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Not...

CVSS 9.8 · AI score 7.6 · EPSS 0.85077
Exploits 6 · References 7

Tenable Nessus
added 2023/09/07 12:0 a.m. · 25 views

Oracle Linux 7 : libreoffice (ELSA-2020-1151)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1151 advisory. - Resolves: rhbz1743962 CVE-2019-9848 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...

CVSS 9.8 · AI score 7.6 · EPSS 0.85077
Exploits 6 · References 8

Positive Technologies
added 2023/07/13 12:0 a.m. · 2 views

PT-2023-25876 · Autogpt · Autogpt

Name of the Vulnerable Software and Affected Versions: Auto-GPT versions prior to 0.4.3 Description: The issue arises from the use of a different docker-compose.yml file when running Auto-GPT by cloning the git repo and executing docker compose run auto-gpt in the repo root. This file mounts itse...

CVSS 8.8 · AI score 8.9 · EPSS 0.00053
Exploits 0 · References 4

Prion
added 2023/06/28 2:15 p.m. · 10 views

Remote code execution

AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services. data.all versions 1.2.0 through 1.5.1 do not prevent remote code execution when a user injects Python commands into the ‘Template’ field when configuring a data pipeline. The issue...

CVSS 6.5 · AI score 8.8 · EPSS 0.03265
Exploits 0 · References 4 · Affected Software 1

CVE
added 2023/06/28 1:55 p.m. · 30 views

CVE-2023-36467

CVE-2023-36467 concerns AWS data.all, an open-source data marketplace framework. The connected sources confirm that versions 1.2.0 through 1.5.1 are vulnerable to remote code execution when an authenticated user injects Python commands into the Template field during data pipeline configuration. T...

CVSS 8.8 · AI score 8.5 · EPSS 0.03265
Exploits 0 · References 4 · Affected Software 1

Cvelist
added 2023/06/28 1:55 p.m. · 14 views

CVE-2023-36467 AWS data.all vulnerable to RCE through user injection of Python Commands

AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services. data.all versions 1.2.0 through 1.5.1 do not prevent remote code execution when a user injects Python commands into the ‘Template’ field when configuring a data pipeline. The issue...

CVSS 8 · AI score 9.1 · EPSS 0.03265
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 4:52 a.m. · 1 views

SUSE CVE-2017-2810

An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability...

CVSS 8.8 · AI score 9.7 · EPSS 0.01427
Exploits 2 · References 4

SUSE CVE
added 2023/02/15 4:14 a.m. · 1 views

SUSE CVE-2019-9848

LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrar...

CVSS 4 · AI score 7.5 · EPSS 0.81357
Exploits 5 · References 10

SUSE CVE
added 2023/02/15 4:14 a.m. · 1 views

SUSE CVE-2019-9851

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handlers...

CVSS 5.9 · AI score 7.5 · EPSS 0.85077
Exploits 5 · References 8

Veracode
added 2023/02/01 7:32 a.m. · 13 views

Remote Code Execution (RCE)

psiturk is vulnerable to Remote Code Execution. The vulnerability exists in experiment.py due to the improper sanitization of special elements used as the template engine, which allows a remote attacker to inject and execute arbitrary Python commands...

CVSS 8.8 · AI score 5.6 · EPSS 0.00628
Exploits 0 · References 6 · Affected Software 1

CNVD
added 2022/11/16 12:0 a.m. · 30 views

Fortinet FortiSOAR Rights Management Error Vulnerability

FortiSOAR is a Security Orchestration, Automation and Response (SOAR) solution from Fortinet, U.S.A. Fortinet FortiSOAR is vulnerable to a privilege management error. An attacker could exploit this vulnerability to execute arbitrary Python commands with root privileges...

CVSS 7.8 · AI score 3.8 · EPSS 0.00109
Exploits 0 · References 1

NVD
added 2022/09/06 6:15 p.m. · 14 views

CVE-2022-30298

An improper privilege management vulnerability (CWE-269) in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files via another, unrelated and hypothetical exploit to execute arbitrary Python commands as root...

CVSS 7.8 · EPSS 0.00109
Exploits 0 · References 1