Lucene search

2720 matches found

Packet Storm
added 2020/03/23 12:0 a.m., 114 views

rConfig 3.9.4 Remote Command Injection

Exploit Title: rConfig 3.9.4 - 'search.crud.php' Remote Command Injection Date: 2020-03-21 Exploit Author: Matthew Aberegg, Michael Burkey Vendor Homepage: https://www.rconfig.com Software Link: https://www.rconfig.com/downloads/rconfig-3.9.4.zip Version: rConfig 3.9.4 Tested on: Cent OS 7 1908...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2020/03/23 12:0 a.m., 27 views

EulerOS 2.0 SP8 : python3 (EulerOS-SA-2020-1296)

According to the version of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regula...

7.1 CVSS, 7.2 AI score, 0.02954 EPSS
Exploits: 1, References: 2
Exploit DB
added 2020/03/23 12:0 a.m., 159 views

rConfig 3.9.4 - 'search.crud.php' Remote Command Injection

Exploit Title: rConfig 3.9.4 - 'search.crud.php' Remote Command Injection Date: 2020-03-21 Exploit Author: Matthew Aberegg, Michael Burkey Vendor Homepage: https://www.rconfig.com Software Link: https://www.rconfig.com/downloads/rconfig-3.9.4.zip Version: rConfig 3.9.4 Tested on: Cent OS 7 1908...

9.8 CVSS, 9.7 AI score, 0.86178 EPSS
Exploits: 3
Exploit DB
added 2020/03/18 12:0 a.m., 255 views

Broadcom Wi-Fi Devices - 'KR00K Information Disclosure

Kr00ker Experimental KR00K PoC in python3 using scapy Description: This script is a simple experiment to exploit the KR00K vulnerability CVE-2019-15126, that allows to decrypt some WPA2 CCMP data in vulnerable devices. More specifically this script attempts to retrieve Plaintext Data of WPA2 CCMP...

3.1 CVSS, 6.2 AI score, 0.08412 EPSS
Exploits: 7
pentestit
added 2020/03/17 6:2 a.m., 43 views

Tentacle: A Vulnerability & Exploitation Test Framework

Yesterday, I was searching for a PoC of a Spring Cloud Config vulnerability. The first result that Google returned was for a cool vulnerability and exploit testing framework – Tentacle. Cherry on the top was that this is open source and has been coded in Python3! This post is an attempt at listin...

1.9 AI score
Exploits: 0
Tenable Nessus
added 2020/03/16 12:0 a.m., 26 views

Fedora 30 : python3-typed_ast (2020-9b3dabc21c)

Fixes for CVE-2019-19274 and CVE-2019-19275 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C...

7.5 CVSS, 7.2 AI score, 0.0136 EPSS
Exploits: 0, References: 3
Packet Storm
added 2020/03/16 12:0 a.m., 114 views

PHPKB Multi-Language 9 Authenticated Remote Code Execution

Exploit Title: PHPKB Multi-Language 9 - Authenticated Remote Code Execution Google Dork: N/A Date: 2020-03-15 Exploit Author: Antonio Cannito Vendor Homepage: https://www.knowledgebase-script.com/ Software Link: https://www.knowledgebase-script.com/pricing.php Version: Multi-Language v9 Tested on...

6.5 CVSS, 0.2 AI score, 0.09039 EPSS
Exploits: 5
OpenVAS
added 2020/03/15 12:0 a.m., 17 views

Fedora: Security Advisory for python3-typed_ast (FEDORA-2020-9b3dabc21c)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS, 7.5 AI score, 0.0136 EPSS
Exploits: 0, References: 2
Fedora
added 2020/03/14 12:25 a.m., 19 views

[SECURITY] Fedora 30 Update: python3-typed_ast-1.4.0-2.fc30

A fork of the ast module with type annotations. This package is based on the ast modules from Python 2 and 3, and has been extended with support for type comments and type annotations as supported in Python 3.6...

7.5 CVSS, 1.8 AI score, 0.0136 EPSS
Exploits: 0
OSV
added 2020/03/13 12:42 p.m., 7 views

SUSE-SU-2020:0684-1 Security update for salt

This update for salt fixes the following issues: - Avoid possible user escalation upgrading salt-master bsc1157465 CVE-2019-18897 - Fix unit tests failures in testbatchasync tests - Batch Async: Handle exceptions, properly unregister and close instances after running async batching to avoid CPU...

9.8 CVSS, 9.2 AI score, 0.17854 EPSS
Exploits: 0, References: 12
0day.today
added 2020/03/06 12:0 a.m., 222 views

netkit-telnet-0.17 telnetd (Fedora 31) - (BraveStarr) Remote Code Execution Exploit

#!/usr/bin/env python3 BraveStarr ========== Proof of Concept remote exploit against Fedora 31 netkit-telnet-0.17 telnetd. This is for demonstration purposes only. It has by no means been engineered to be reliable: 0xff bytes in addresses and inputs are not handled, and a lot of other constraints...

Exploits: 0
Tenable Nessus
added 2020/03/02 12:0 a.m., 38 views

openSUSE Security Update : python3 (openSUSE-2020-274)

This update for python3 fixes the following issues : Security issues fixed : - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs bsc1162825. - CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP bsc1162367. Non-security issu...

7.5 CVSS, 7.2 AI score, 0.02954 EPSS
Exploits: 1, References: 6
exploitpack
added 2020/03/02 12:0 a.m., 91 views

netkit-telnet-0.17 telnetd (Fedora 31) - BraveStarr Remote Code Execution

netkit-telnet-0.17 telnetd Fedora 31 - BraveStarr Remote Code Execution #!/usr/bin/env python3 BraveStarr ========== Proof of Concept remote exploit against Fedora 31 netkit-telnet-0.17 telnetd. This is for demonstration purposes only. It has by no means been engineered to be reliable: 0xff bytes ...

0.4 AI score
Exploits: 0
OpenVAS
added 2020/03/02 12:0 a.m., 42 views

openSUSE: Security Advisory for python3 (openSUSE-SU-2020:0274-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS, 7.4 AI score, 0.02954 EPSS
Exploits: 1, References: 2
OSV
added 2020/03/01 7:13 p.m., 8 views

OPENSUSE-SU-2020:0274-1 Security update for python3

This update for python3 fixes the following issues: Security issues fixed: - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs bsc1162825. - CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP bsc1162367. Non-security issue...

7.5 CVSS, 7.8 AI score, 0.02954 EPSS
Exploits: 1, References: 7
OPENSUSE Linux
added 2020/03/01 12:0 a.m., 131 views

Security update for python3 (moderate)

openSUSE Security Update: Security update for python3 Announcement ID: openSUSE-SU-2020:0274-1 Rating: moderate References: 1162224 1162367 1162423 1162825 Cross-References: CVE-2019-9674 CVE-2020-8492 Affected Products: openSUSE Leap 15.1 An update that solves two vulnerabilities and has two fix...

7.5 CVSS, 7.5 AI score, 0.02954 EPSS
Exploits: 1, References: 4
Tenable Nessus
added 2020/02/27 12:0 a.m., 28 views

SUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2020:0497-1)

This update for python3 fixes the following issues : Update to 3.4.10 jscSLE-9427, bsc1159208 from 3.4.6 : Security issues fixed : Update expat copy from 2.1.1 to 2.2.0 to fix the following issues: CVE-2012-0876, CVE-2016-0718, CVE-2016-4472, CVE-2017-9233, CVE-2016-9063 CVE-2017-1000158: Fix an...

9.8 CVSS, 7.6 AI score, 0.0359 EPSS
Exploits: 4, References: 16
Tenable Nessus
added 2020/02/26 12:0 a.m., 46 views

SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2020:0467-1)

This update for python3 fixes the following issues : Security issues fixed : CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs bsc1162825. CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP bsc1162367. Non-security issue...

7.5 CVSS, 7.2 AI score, 0.02954 EPSS
Exploits: 1, References: 9
OpenVAS
added 2020/02/25 12:0 a.m., 25 views

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2020-1175)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS, 6.7 AI score, 0.01416 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2020/02/25 12:0 a.m., 37 views

EulerOS 2.0 SP8 : python3 (EulerOS-SA-2020-1175)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service resource consumption via a ZIP bomb.CVE-2019-9674 -...

7.5 CVSS, 7.1 AI score, 0.01416 EPSS
Exploits: 0, References: 3