
61 matches found

Huntr
added 2022/12/29 1:43 p.m., 12 views

RCE in Wordnet Browser

Description A user who visits a malicious link with wordnet browser open will execute code on system Proof of Concept Visit http://localhost:8000/lookupgASVKwAAAAAAAACMBXBvc2l4lIwGc3lzdGVtlJOUjBB0b3VjaCAvdG1wL1BXTkVElIWUUpQu The base64 is created from import pickle import sys import base64...

0.3 AI score
Exploits: 0
OSV
added 2022/02/01 12:0 a.m., 94 views

GHSA-M2C7-42RF-C62F Unrestricted Upload of File with Dangerous Type in motionEye

motionEye = 0.42.1 and motioneEyeOS = 20200606 allow a remote attacker to upload a configuration backup file containing a malicious python pickle file. This is possible when an installation is accessible over the Internet and uses no or poor authentication credentials. The GitHub repositories for...

7.2 CVSS, 7.1 AI score, 0.02951 EPSS
Exploits: 0, References: 4
OSV
added 2022/01/31 12:15 p.m., 10 views

CVE-2021-44255

Authenticated remote code execution in MotionEye = 0.42.1 and MotioneEyeOS = 20200606 allows a remote attacker to upload a configuration backup file containing a malicious python pickle file which will execute arbitrary code on the server...

7.2 CVSS, 8.6 AI score
Exploits: 0, References: 2
NVD
added 2022/01/31 12:15 p.m., 13 views

CVE-2021-44255

Authenticated remote code execution in MotionEye = 0.42.1 and MotioneEyeOS = 20200606 allows a remote attacker to upload a configuration backup file containing a malicious python pickle file which will execute arbitrary code on the server...

7.2 CVSS, 0.02951 EPSS
Exploits: 0, References: 2
Cvelist
added 2022/01/31 11:18 a.m., 14 views

CVE-2021-44255

Authenticated remote code execution in MotionEye = 0.42.1 and MotioneEyeOS = 20200606 allows a remote attacker to upload a configuration backup file containing a malicious python pickle file which will execute arbitrary code on the server...

7.7 AI score, 0.02951 EPSS
Exploits: 0, References: 2
CNNVD
added 2022/01/31 12:0 a.m., 2 views

motionEyeOS and MotionEye-Project MotionEye Access Control Error Vulnerability

Both motionEyeOS and MotionEye-Project MotionEye are products of Calin Crisan, an individual developer. motionEyeOS is a video surveillance operating system for single-board computers. motionEye-Project MotionEye is a web-based motion front-end. An access control error vulnerability exists in...

7.2 CVSS, 8.2 AI score, 0.02951 EPSS
Exploits: 0, References: 3
Packet Storm
added 2021/09/22 12:0 a.m., 208 views

Sentry 8.2.0 Remote Code Execution

Exploit Title: Sentry 8.2.0 - Remote Code Execution RCE Authenticated Date: 22/09/2021 Exploit Author: Mohin Paramasivam Shad0wQu35t Vulnerability Discovered By : Clement Berthaux SYNACKTIV Software Link: https://sentry.io/welcome/ Advisory:...

7.4 AI score
Exploits: 0
Veracode
added 2020/04/10 12:59 a.m., 21 views

Privilege Escalation

system-config-firewall is vulnerable to privilege escalation. It was found that system-config-firewall used the Python pickle module in an insecure way when sending data via D-Bus to the privileged back-end mechanism. A local user authorized to configure firewall rules using system-config-firewal...

7.8 CVSS, 4.1 AI score, 0.00421 EPSS
Exploits: 0, References: 11, Affected Software: 1
Cvelist
added 2019/01/16 5:0 a.m., 33 views

CVE-2019-6446

An issue was discovered in NumPy before 1.16.3. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have...

9.5 AI score, 0.17078 EPSS
Exploits: 2, References: 12
Veracode
added 2019/01/15 8:51 a.m., 26 views

Arbitrary Code Execution

OpenStack Object Storage swift is vulnerable to an arbitrary code execution attack. It unsafely uses python pickle to load and store metadata in memcached, allowing the attacker to execute arbitrary code via a malicious serialized object...

9.8 CVSS, 7.2 AI score, 0.06518 EPSS
Exploits: 0, References: 26, Affected Software: 2
myhack58
added 2017/09/08 12:0 a.m., 3035 views

Described in the CTF game found Python deserialization BUG vulnerability flaws-vulnerability warning-the black bar safety net

In the first few days, I had the privilege to join the ToorConCTF(https://twitter.com/toorconctf in addition this event the process of my first time in Python in the invention the sequence of the flaws. In our competition process, there are two provocative touch to be able to perhaps receive the...

Exploits: 0
Tenable Nessus
added 2017/06/28 12:0 a.m., 42 views

Check_MK 1.2.4 < 1.2.4p4 / 1.2.5 < 1.2.5i4 Multiple Vulnerabilities

The version of CheckMK running on the remote web server is 1.2.4 prior to 1.2.4p4 or 1.2.5 prior to 1.2.5i4. It is, therefore, affected by multiple vulnerabilities : - Multiple cross-site script XSS vulnerabilities exist in the multisite component, specifically within the renderstatusicons functi...

9.3 CVSS, 5.9 AI score, 0.06138 EPSS
Exploits: 0, References: 4
RedHat Linux
added 2015/10/20 6:20 p.m., 6 views

swiftonfile: use of insecure Python pickle for metadata serialization and storage

A flaw was found in the way swiftonfile gluster-swift serialized and stored metadata on disk by using Python's pickle module. A remote, authenticated user could use this flaw to execute arbitrary code on the storage node...

6 CVSS, 6.1 AI score, 0.0223 EPSS
Exploits: 0, References: 4
Check Point Advisories
added 2015/01/28 12:0 a.m., 4 views

Zenoss Core Version Check Remote Code Execution (CVE-2014-6261)

A remote code execution vulnerability exists in the Zenoss Core Application. The vulnerability is due to unpickling of potentially unsafe Python pickle serialized object when checking for software updates from the Zenoss home server. A remote attacker can exploit this vulnerability. Successful...

9.3 CVSS, 3.9 AI score, 0.19683 EPSS
Exploits: 0
OSV
added 2013/09/27 10:8 a.m., 8 views

CVE-2013-5093

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object...

7.2 AI score
Exploits: 0, References: 8
Tenable Nessus
added 2013/07/12 12:0 a.m., 23 views

Oracle Linux 6 : system-config-firewall (ELSA-2011-0953)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2011-0953 advisory. - fixed possible privilege escalation flaw via use of python pickle CVE-2011-2520, replaced pickle by json rhbz717985 Tenable has extracted the preceding...

7.8 CVSS, 7.4 AI score, 0.00421 EPSS
Exploits: 0, References: 2
RedHat Linux
added 2012/10/16 5:44 p.m., 31 views

Important: Red Hat Security Advisory: openstack-swift security update

Updated openstack-swift packages that fix one security issue are now available for Red Hat OpenStack Essex. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

9.8 CVSS, 7.4 AI score, 0.06518 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2012/08/01 12:0 a.m., 40 views

Scientific Linux Security Update : system-config-firewall on SL6.x i386/x86_64

system-config-firewall is a graphical user interface for basic firewall setup. It was found that system-config-firewall used the Python pickle module in an insecure way when sending data via D-Bus to the privileged back-end mechanism. A local user authorized to configure firewall rules using...

7.8 CVSS, 7.3 AI score, 0.00421 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2011/08/02 12:0 a.m., 27 views

Fedora 15 : system-config-firewall-1.2.29-4.fc15 (2011-9652)

fixed possible privilege escalation flaw via use of python pickle CVE-2011-2520, replaced pickle by json rhbz717985 and rhbz722991 - stop D-BUS firewall mechanism on update, because D-BUS interface will not be compatible to old pickle version - system-config-printer needs to get updated, too Note...

7.8 CVSS, 7.3 AI score, 0.00421 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2011/07/19 12:0 a.m., 31 views

RHEL 6 : system-config-firewall (RHSA-2011:0953)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:0953 advisory. system-config-firewall is a graphical user interface for basic firewall setup. It was found that system-config-firewall used the Python pickle module...

7.8 CVSS, 7.8 AI score, 0.00421 EPSS
Exploits: 0, References: 5