2722 matches found
SUSE-SU-2021:4015-1 Security update for python3
This update for python3 fixes the following issues: - CVE-2021-3737: Fixed http client infinite line reading DoS after a http 100. bsc1189241 - CVE-2021-3733: Fixed ReDoS in urllib.request. bsc1189287 - CVE-2021-3426: Fixed an information disclosure via pydoc. bsc1183374 - Rebuild to get new...
Security update for chromium (important)
openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2021:1582-1 Rating: important References: 1192310 1192734 1193519 Cross-References: CVE-2021-38005 CVE-2021-38006 CVE-2021-38007 CVE-2021-38008 CVE-2021-38009 CVE-2021-38010 CVE-2021-38011 CVE-2021-38012...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Python Log4RCE An all-in-one pure Python3 PoC for CVE-2021-4...
Ubuntu 20.04 LTS : Django vulnerability (USN-5178-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5178-1 advisory. Sjoerd Job Postmus and TengMA discovered that Django incorrectly handled URLs with trailing newlines. A remote attacker could possibly use this issue to bypass...
Exploit for SQL Injection in Digitaldruid Hoteldruid
CVE-2021-37832...
Advanced Comment System 1.0 - Remote Command Execution Exploit
Exploit Title: Advanced Comment System 1.0 - Remote Command Execution RCE Exploit Author: Nicole Daniella Murillo Mejias Version: Advanced Comment System 1.0 Tested on: Linux !/usr/bin/env python3 DESCRIPTION: Commands are Base64 encoded and sent via POST requests to the vulnerable application, t...
Advanced Comment System 1.0 - Remote Command Execution (RCE)
Exploit Title: Advanced Comment System 1.0 - Remote Command Execution RCE Date: November 30, 2021 Exploit Author: Nicole Daniella Murillo Mejias Version: Advanced Comment System 1.0 Tested on: Linux !/usr/bin/env python3 DESCRIPTION: Commands are Base64 encoded and sent via POST requests to the...
Exploit for Path Traversal in Microsoft
CVE-2021-40444 PoC Malicious docx generator to exploit CVE-20...
Whispers - Identify Hardcoded Secrets In Static Structured Text
"My little birds are everywhere, even in the North, they whisper to me the strangest stories." - Lord Varys Whispers is a static code analysis tool designed for parsing various common data formats in search of hardcoded credentials and dangerous functions. Whispers can run in the CLI or you can...
GNU gdbserver 9.2 Remote Command Execution
Exploit Title: GNU gdbserver 9.2 - Remote Command Execution RCE Date: 2021-11-21 Exploit Author: Roberto Gesteira Miñarro 7Rocky Vendor Homepage: https://www.gnu.org/software/gdb/ Software Link: https://www.gnu.org/software/gdb/download/ Version: GNU gdbserver Ubuntu 9.2-0ubuntu120.04 9.2 Tested...
GNU gdbserver 9.2 - Remote Command Execution Exploit
Exploit Title: GNU gdbserver 9.2 - Remote Command Execution RCE Exploit Author: Roberto Gesteira Miñarro 7Rocky Vendor Homepage: https://www.gnu.org/software/gdb/ Software Link: https://www.gnu.org/software/gdb/download/ Version: GNU gdbserver Ubuntu 9.2-0ubuntu120.04 9.2 Tested on: Ubuntu Linux...
Oracle Linux 7 : python3 (ELSA-2021-9562)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-9562 advisory. 3.6.8-18.0.5 - Remove the 'getfile' feature of pydoc Orabug: 33182027 CVE-2021-3426 Tenable has extracted the preceding description block directly from the Oracl...
EulerOS Virtualization 2.9.0 : python3 (EulerOS-SA-2021-2771)
According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent...
EulerOS Virtualization 2.9.1 : python3 (EulerOS-SA-2021-2736)
According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent...
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2021-2736)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 8 : python-psutil (ELSA-2021-4324)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2021-4324 advisory. 5.4.3-11 - Security fix for CVE-2019-18874: double free because of refcount mishandling Resolves: rhbz1772014 Tenable has extracted the preceding description...
WordPress Smart Product Review 1.0.4 Shell Upload
Exploit Title: Wordpress Plugin Smart Product Review 1.0.4 - Arbitrary File Upload Google Dork: inurl: /wp-content/plugins/smart-product-review/ Date: 16/11/2021 Exploit Author: Keyvan Hardani Vendor Homepage: https://demo.codeflist.com/wordpress-plugins/smart-product-review/ Version: = 1.0.4...
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2021-2771)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 8 : babel (ELSA-2021-4201)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2021-4201 advisory. 2.5.1-7 - Include the /usr/bin/pybabel binary that runs on Python 3.6 in the python3-babel package Resolves: rhbz1967173 2.5.1-6 - Fix CVE-2021-20095 Resolves:...