Cisco ASA 9.14.1.10 and FTD 6.6.0.1 - Path Traversal (2)

Exploit Title: Cisco ASA 9.14.1.10 and FTD 6.6.0.1 - Path Traversal 2 Date: 12 Dec 2020 Exploit Author: [email protected] Vendor Homepage: cisco.com Software Link: It’s against Hardware, specifically ASA’s and FTD’s Version: ASAs from version 9.6 to 9.14.1.10 and FTD’s versions 6.2.3 to...

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2020-2528)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Online Marriage Registration System 1.0 Remote Code Execution

Exploit Title: Online Marriage Registration System OMRS 1.0 - Remote Code Execution Authenticated Google Dork: N/A Date: 2020-14-12 Exploit Author: Andrea Bruschi - www.andreabruschi.net Vendor Homepage: https://phpgurukul.com/ Software Link:...

Cisco ASA 9.14.1.10 / FTD 6.6.0.1 Path Traversal

Exploit Title: Cisco ASA 9.14.1.10 and FTD 6.6.0.1 - Path Traversal 2 Date: 12 Dec 2020 Exploit Author: [email protected] Vendor Homepage: cisco.com Software Link: It’s against Hardware, specifically ASA’s and FTD’s Version: ASAs from version 9.6 to 9.14.1.10 and FTD’s versions 6.2.3 to...

EulerOS 2.0 SP8 : python3 (EulerOS-SA-2020-2528)

According to the version of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Python 3 through 3.9.0, the Lib/test/multibytecodecsupport.py CJK codec tests call eval on content retrieved via HTTP.CVE-2020-27619 Note that...

Security fix for the ALT Linux 9 package python3-module-django version 2.2.17-alt1

Dec. 11, 2020 Alexey Shabalin 2.2.17-alt1 - new version 2.2.17 - Fixes for the following security vulnerabilities: + CVE-2020-13254 Potential data leakage via malformed memcached keys + CVE-2020-13596 Possible XSS via admin ForeignKeyRawIdWidget + CVE-2020-24583: Incorrect permissions on...

Security fix for the ALT Linux 10 package python3-module-django version 2.2.17-alt1

Dec. 11, 2020 Alexey Shabalin 2.2.17-alt1 - new version 2.2.17 - Fixes for the following security vulnerabilities: + CVE-2020-13254 Potential data leakage via malformed memcached keys + CVE-2020-13596 Possible XSS via admin ForeignKeyRawIdWidget + CVE-2020-24583: Incorrect permissions on...

Ubuntu 20.10 : python-apt regression (USN-4668-2)

The remote Ubuntu 20.10 host has packages installed that are affected by a vulnerability as referenced in the USN-4668-2 advisory. USN-4668-1 introduced a regression in python-apt. Tenable has extracted the preceding description block directly from the Ubuntu security advisory. Note that Nessus h...

SUSE SLES12 Security Update : liblouis (SUSE-SU-2020:3107-1)

This update for liblouis, python-luis and python3-louis fixes the following issue : Security issue fixed : CVE-2018-17294: Fixed an out of bounds read in matchCurrentInput function which could allow a remote attacker to cause Denail of Service bsc1109319. Note that Tenable Network Security has...

NewStart CGSL CORE 5.05 / MAIN 5.05 : python3 Multiple Vulnerabilities (NS-SA-2020-0089)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has python3 packages installed that are affected by multiple vulnerabilities: - http.cookiejar.DefaultPolicy.domainreturnok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be trick...

SUSE SLES12 Security Update : python3 (SUSE-SU-2020:2699-1)

This update for python3 fixes the following issues : CVE-2019-20907: Fixed denial of service by avoiding possible infinite loop in specifically crafted tarball bsc1174091. CVE-2020-14422: Fixed an improper computation of hash values in the IPv4Interface and IPv6Interface could have led to denial ...

SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2020:3593-1)

This update for python3 fixes the following issues : Update to 3.6.12 bsc1179193, including : Fixed a directory traversal in downloadhttpurl bsc1176262 CVE-2019-20916 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable...

Dup Scout Enterprise 10.0.18 Buffer Overflow

Exploit Title: Dup Scout Enterprise 10.0.18 - 'sid' Remote Buffer Overflow SEH Date: 2020-12-08 Exploit Author: Andrés Roldán Vendor Homepage: http://www.dupscout.com Software Link: http://www.dupscout.com/downloads.html Version: 10.0.18 Tested on: Windows 10 Pro x64 !/usr/bin/env python3 import...

SUSE SLES12 Security Update : python3 (SUSE-SU-2020:3596-1)

This update for python3 fixes the following issues : Fixed a directory traversal in downloadhttpurl bsc1176262 CVE-2019-20916 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and...

Updated python and python3 packages fix security vulnerabilities

It was discovered that incorrectly handled certain ZIP files. An attacker could possibly use this issue to cause a denial of service CVE-2019-9674. It was discovered that Python documentation had a misleading information. A security issue could be possibly caused by wrong assumptions of this...

openSUSE Security Update : python3 (openSUSE-2020-2190)

This update for python3 fixes the following issues : Update to 3.6.12 bsc1179193, including : - Fixed a directory traversal in downloadhttpurl bsc1176262 CVE-2019-20916 This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security, Inc. The descriptive text and...

ProCaster LE-32F430 GStreamer souphttpsrc libsoup/2.51.3 Stack Overflow Exploit

ProCaster LE-32F430 SmartTV remote code execution exploit that leverages a stack overflow vulnerability in GStreamer souphttpsrc libsoup version 2.51.3. !/bin/sh ProCaster LE-32F430 NotSoSmartTV remote code execution exploit through GStreamer souphttpsrc libsoup/2.51.3 HTTP stack overflow...

OPENSUSE-SU-2020:2190-1 Security update for python3

This update for python3 fixes the following issues: Update to 3.6.12 bsc1179193, including: - Fixed a directory traversal in downloadhttpurl bsc1176262 CVE-2019-20916 This update was imported from the SUSE:SLE-15:Update update project...

openSUSE Security Update : python-pip (openSUSE-2020-2169)

This update for python-pip fixes the following issues : - Fixed a directory traversal in downloadhttpurl bsc1176262 CVE-2019-20916 This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

openSUSE Security Update : python3 (openSUSE-2020-2152)

This update for python3 fixes the following issues : Update to 3.6.12 bsc1179193, including : - Fixed a directory traversal in downloadhttpurl bsc1176262 CVE-2019-20916 This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security, Inc. The descriptive text and...