534 matches found
Exploit for CVE-2018-9995
This is a PoC exploit for CVE-2018-9995, a vulnerability in DVR systems that allows for the exposure of credentials. The exploit is written in Python and uses the requests library to send HTTP requests to the DVR system. The exploit targets various DVR systems, including Novo, CeNova, QSee, Pulni...
EulerOS Virtualization 3.0.2.2 : python-requests (EulerOS-SA-2020-2201)
According to the version of the python-requests package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostna...
Huawei EulerOS: Security Advisory for python-requests (EulerOS-SA-2020-2201)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Exploit for OS Command Injection in Ritecms
CVE-2020-23934 References 1 https://www.exploit-db.co...
CVE-2020-15720
In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. Since the verify parameter was hard-coded in all request functions, it was not possible to override the setting. As a result, tools making use of this class, such as the...
CVE-2020-15720
In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. Since the verify parameter was hard-coded in all request functions, it was not possible to override the setting. As a result, tools making use of this class, such as the...
Design/Logic Flaw
In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. Since the verify parameter was hard-coded in all request functions, it was not possible to override the setting. As a result, tools making use of this class, such as the...
CVE-2020-15720
In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. Since the verify parameter was hard-coded in all request functions, it was not possible to override the setting. As a result, tools making use of this class, such as the...
CVE-2020-15720
In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. Since the verify parameter was hard-coded in all request functions, it was not possible to override the setting. As a result, tools making use of this class, such as the...
CVE-2020-15720
The CVE-2020-15720 issue affects Dogtag PKI through 10.8.3 where the pki.client.PKIConnection class does not validate Python-requests certificates because verify is hard-coded in request functions. This can expose non-localhost use cases (e.g., via pki-server) to MITM attacks. Affected remediatio...
Huawei EulerOS: Security Advisory for python-requests (EulerOS-SA-2020-1753)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 3.0.6.0 : python-requests (EulerOS-SA-2020-1753)
According to the version of the python-requests package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostna...
EulerOS 2.0 SP2 : python-requests (EulerOS-SA-2020-1633)
According to the version of the python-requests package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-htt...
Huawei EulerOS: Security Advisory for python-requests (EulerOS-SA-2020-1633)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Scientific Linux Security Update : python-virtualenv on SL7.x (noarch) (20200512)
Security Fixes : - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure CVE-2018-20060 - python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service CVE-2019-11236 - python-requests: Redire...
Scientific Linux Security Update : python-pip on SL7.x (noarch) (20200512)
Security Fixes : - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure CVE-2018-20060 - python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service CVE-2019-11236 - python-urllib3:...
Moderate: Red Hat Security Advisory: python-pip security update
An update for python-pip is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
python-requests: Redirect from HTTPS to HTTP does not remove Authorization header
A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected 302 from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-middle attacker coul...
RHEL 7 : python-pip (RHSA-2020:2068)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2068 advisory. pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python...
RHEL 7 : python-virtualenv (RHSA-2020:2081)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2081 advisory. The virtualenv tool creates isolated Python environments. The virtualenv tool is a successor to workingenv, and an extension of...