44 matches found
ICMP-TransferTools - Transfer Files To And From A Windows Host Via ICMP In Restricted Network Environments
ICMP-TransferTools is a set of scripts designed to move files to and from Windows hosts in restricted network environments. This is accomplished using a total of 4 different files, consisting of a Python server and PowerShell client for each transfer direction (Download & Upload). The only dependen...
Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File
Description Formula Injection/CSV Injection in "Firstname" & "Lastname" due to Improper Neutralization of Formula Elements in CSV File. Proof of Concept 1. Go to Preferences from the user account and in Personal info of "Firstname" & "Lastname" insert the below payloads. 2. Payloads:-...
Waitress Environmental Issues Vulnerability (CNVD-2022-21483)
Waitress is a WSGI (Web Server Gateway Interface) server for Python. Waitress 2.1.0 and earlier versions are vulnerable to an environmental issue that stems from a software agent's inability to properly validate incoming HTTP requests for compliance, which allows smuggling through a front-end agent...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
CVE-2021-44228-Log4Shell-POC Complete POC for Infamous Log...
WordPress Social Warfare 3.5.2 Remote Code Execution
Author = Raed Ahsan Creation Date = 24/07/2021 Vulnerability : SocialWarfare 3.5.2 plugin wordpress Remote Code Execution Linkedin = https://linkedin.com/in/raed-ahsan/ import socket import requests import subprocess import time import pyautogui print"Start your python SimpleHTTPServer on port 12...
Simple Traffic Offense System 1.0 Cross Site Scripting
Exploit Title: Traffic Offense System | Stored Cross Site Scripting Cookie-theft Exploit Author: Richard Jones Date: 03-04-2021 Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/12330/simple-traffic-offense-system-php.html Version: 1.0 Tested On:...
Online News Portal 1.0 Cross Site Request Forgery / Cross Site Scripting
Exploit Title: Online News Portal | Stored XSS + CSRF Example Exploit Author: Richard Jones Date: 2021-03-18 Vendor Homepage: https://www.sourcecodester.com/php/14741/online-news-portal-using-phpmysqli-free-download-source-code.html Software Link:...
python security update
CentOS Errata and Security Advisory CESA-2020:1962 An update for python-twisted-web is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detail...
Waitress environmental vulnerability (CNVD-2020-18632)
Waitress is a WSGI (Web Server Gateway Interface) server for Python. Waitress is vulnerable to an environmental issue. The vulnerability stems from an unreasonable environmental factor in a networked system or product. Detailed vulnerability details are not available at this time...
ALPINE-CVE-2019-16935
The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary...
FreeRDP Rdp Client License Read Product Info Denial of Service Vulnerability(CVE-2017-2838)
Summary An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use ma...
Notepad++ NPPFtp Plugin 0.26.3 - Buffer Overflow
Title : Notepad ++ NPPFtp Plugin Buffer Overflow Date : 19/12/2015 Author : R-73eN Tested on : NPPFtp 0.26.3 Latest Version Software : http://sourceforge.net/projects/nppftp/ Vendor : https://notepad-plus-plus.org/ ...
Fedora Update for python-mako FEDORA-2010-10544
Check for the Version of python-mako OpenVAS Vulnerability Test Fedora Update for python-mako FEDORA-2010-10544 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Spyce - Python Server Pages (PSP) 2.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the url or type parameter to docs/examples/redirect.spy; (2) the x parameter to docs/examples/handlervalidate.spy; (3) the name parameter to...
Open redirect
Open redirect vulnerability in spyce/examples/redirect.spy in Spyce - Python Server Pages (PSP) 2.1.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter...
CVE-2008-0982
Spyce - Python Server Pages (PSP) 2.1.3 allows remote attackers to obtain sensitive information via a direct request for spyce/examples/automaton.spy, which reveals the path in an error message...
CVE-2008-0981
Open redirect vulnerability in spyce/examples/redirect.spy in Spyce - Python Server Pages (PSP) 2.1.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter...
CVE-2008-0980
Multiple cross-site scripting (XSS) vulnerabilities in Spyce - Python Server Pages (PSP) 2.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the url or type parameter to docs/examples/redirect.spy; (2) the x parameter to docs/examples/handlervalidate.spy; (3) the name parameter to...