
55 matches found

ATTACKERKB
added 2026/04/08 2:53 p.m. | 1 views

CVE-2026-33229

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python...

8.6 CVSS | 6.1 AI score | 0.0007 EPSS
Exploits: 1 | References: 5 | Affected Software: 3

RedhatCVE
added 2025/12/19 9:14 p.m. | 2 views

CVE-2025-13911

The vulnerability affects Ignition SCADA applications where Python scripting is utilized for automation purposes. The vulnerability arises from the absence of proper security controls that restrict which Python libraries can be imported and executed within the scripting environment. The core issu...

7.3 CVSS | 7 AI score | 0.00015 EPSS
Exploits: 0 | References: 1

NVD
added 2025/12/18 9:15 p.m. | 2 views

CVE-2025-13911

The vulnerability affects Ignition SCADA applications where Python scripting is utilized for automation purposes. The vulnerability arises from the absence of proper security controls that restrict which Python libraries can be imported and executed within the scripting environment. The core issu...

7.3 CVSS | 0.00015 EPSS
Exploits: 0 | References: 3

CVE
added 2025/12/18 8:24 p.m. | 3 views

CVE-2025-13911

CVE-2025-13911 affects Inductive Automation Ignition SCADA, where Python scripting is used for automation. The root cause is insufficient controls on which Python libraries can be imported/executed within the scripting environment, paired with an Ignition service account that has system-level Win...

7.3 CVSS | 6.8 AI score | 0.00015 EPSS
Exploits: 0 | References: 3

Cvelist
added 2025/12/18 8:24 p.m. | 17 views

CVE-2025-13911 Inductive Automation Ignition Execution with Unnecessary Privileges

The vulnerability affects Ignition SCADA applications where Python scripting is utilized for automation purposes. The vulnerability arises from the absence of proper security controls that restrict which Python libraries can be imported and executed within the scripting environment. The core issu...

7.3 CVSS | 0.00015 EPSS
Exploits: 0 | References: 3

Vulnrichment
added 2025/12/18 8:24 p.m. | 1 views

CVE-2025-13911 Inductive Automation Ignition Execution with Unnecessary Privileges

The vulnerability affects Ignition SCADA applications where Python scripting is utilized for automation purposes. The vulnerability arises from the absence of proper security controls that restrict which Python libraries can be imported and executed within the scripting environment. The core issu...

7.3 CVSS | 6.8 AI score | 0.00015 EPSS
Exploits: 0 | References: 3

Positive Technologies
added 2025/12/18 12:0 a.m. | 3 views

PT-2025-52333

Name of the Vulnerable Software and Affected Versions: Ignition SCADA applications (affected versions not specified). Description: The issue concerns Ignition SCADA applications utilizing Python scripting for automation. A lack of security controls regarding Python library imports and execution allows...

7.3 CVSS | 7 AI score | 0.00015 EPSS
Exploits: 0 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2019-10284

Malware in sbrugna...

7.2 CVSS | 4.7 AI score | 0.00134 EPSS
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2017-3874

Malware in sbrugna...

7.2 CVSS | 6.6 AI score | 0.00118 EPSS
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2017-3913

Malware in sbrugna...

4.6 CVSS | 4.7 AI score | 0.00131 EPSS
Exploits: 0 | References: 3

Exploit DB
added 2024/03/10 12:0 a.m. | 317 views

Akaunting < 3.1.3 - RCE

Exploit Title: Akaunting 3.1.3 - RCE Date: 08/02/2024 Exploit Author: [email protected] Vendor Homepage: https://akaunting.com Software Link: https://github.com/akaunting/akaunting Version: = 3.1.3 Tested on: Ubuntu 22.04 CVE : CVE-2024-22836 !/usr/bin/python3 import sys import re import requests...

9.8 CVSS | 9.7 AI score | 0.38195 EPSS
Exploits: 3

Tenable Nessus
added 2023/07/25 12:0 a.m. | 15 views

Cisco NX-OS Software Python Parser Escape (CVE-2017-12301)

A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient sanitization of...

7.2 CVSS | 6.9 AI score | 0.00118 EPSS
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 4:5 a.m. | 2 views

SUSE CVE-2019-20807

In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua)...

6.3 CVSS | 9.7 AI score | 0.00206 EPSS
Exploits: 0 | References: 9

Information Security Automation
added 2021/02/11 11:31 p.m. | 358 views

Vulners Linux Audit API for Host Vulnerability Detection: Manual Auditing, Python Scripting and Licensing

Hello everyone! This episode will be about Vulners Linux Audit API, which allows you to detect vulnerabilities on a Linux host knowing only the OS version and installed packages. I had a similar post about this 4 years ago, but some details have changed, so I came back to this topic. Manual Audit...

4.6 CVSS | 0.1 AI score | 0.00045 EPSS
Exploits: 0

OSV
added 2020/05/28 2:15 p.m. | 0 views

UBUNTU-CVE-2019-20807

In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua)...

5.3 CVSS | 7 AI score | 0.00206 EPSS
Exploits: 0 | References: 5

Veracode
added 2020/04/10 12:45 a.m. | 25 views

Remote Code Execution (RCE)

OpenOffice.org is vulnerable to Remote Code Execution (RCE). A flaw was found in the way OpenOffice.org enforced a macro security setting for macros, written in the Python scripting language, that were embedded in OpenOffice.org documents. If a user were tricked into opening a specially-crafted...

9.3 CVSS | 2.3 AI score | 0.20596 EPSS
Exploits: 0 | References: 27 | Affected Software: 1

Gitee
added 2020/02/10 10:6 p.m. | 5 views

exploit-database

This is an official repository of The Exploit Database, a project sponsored by Offensive Security. The repository contains exploits, shellcodes, and papers for various vulnerabilities in different software and systems. The exploits are categorized by operating system, software, and vulnerability...

7 AI score
Exploits: 0

OSV
added 2019/05/15 5:29 p.m. | 0 views

CVE-2019-1727

A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and issue arbitrary commands to elevate the attacker's privilege level. The vulnerability is due to insufficient sanitization of user-supplied...

6.7 CVSS | 6.3 AI score
Exploits: 0 | References: 2

Information Security Automation
added 2018/07/19 3:13 p.m. | 88 views

How to correlate different events in Splunk and make dashboards

Recently I've spent some time dealing with Splunk. Despite the fact that I have already done various Splunk searches before, for example in "Tracking software versions using Nessus and Splunk", the correlation of different events in Splunk seems to be a very different task. And there are not so many...

7.1 AI score
Exploits: 0

seebug.org
added 2018/05/04 12:0 a.m. | 224 views

TPLINK TLWR740N Router Remote Code Execution Vulnerability (CVE-2017-13772)

INTRODUCTION: In October of 2017 we disclosed multiple vulnerabilities in TP-Link’s WR940n router that occurred due to multiple code paths calling strcpy on user controllable unsanitised input (CVE-2017-13772). The httpd binary responsible for these vulnerabilities contained patterns of code that...

9 CVSS | 8.9 AI score | 0.52736 EPSS
Exploits: 8