Exploit for Code Injection in Microsoft

🇮🇱 BringThemHome NeverAgainIsNow 🇮🇱 We demand the...

Watch Out: These PyPI Python Packages Can Drain Your Crypto Wallets

Threat hunters have discovered a set of seven packages on the Python Package Index PyPI repository that are designed to steal BIP39 mnemonic phrases used for recovering private keys of a cryptocurrency wallet. The software supply chain attack campaign has been codenamed BIPClip by ReversingLabs...

VMware Cloud Director 10.5 - Bypass identity verification

Exploit Title: VMware Cloud Director | Bypass identity verification Google Dork: non Date: 12/06/2023 Exploit Author: Abdualhadi khalifa Version: 10.5 CVE : CVE-2023-34060 import requests import paramiko import subprocess import socket import argparse import threading Define a function to check i...

Hitachi NAS (HNAS) System Management Unit (SMU) Backup & Restore < 14.8.7825.01 - IDOR

!/usr/bin/python3 Title: Hitachi NAS HNAS System Management Unit SMU Backup & Restore IDOR Vulnerability CVE: CVE-2023-5808 Date: 2023-12-13 Exploit Author: Arslan Masood @arszilla Vendor: https://www.hitachivantara.com/ Version: --id --sso " Create --host argument: parser.addargument "--host",...

Akaunting 3.1.3 Remote Command Execution

Exploit Title: Akaunting 3.1.3 - RCE Date: 08/02/2024 Exploit Author: [email protected] Vendor Homepage: https://akaunting.com Software Link: https://github.com/akaunting/akaunting Version: = 3.1.3 Tested on: Ubuntu 22.04 CVE : CVE-2024-22836 !/usr/bin/python3 import sys import re import requests...

Fedora: Security Advisory (FEDORA-2024-cafa04a149)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Exploit for CVE-2024-23780

CVE-2024-23780 Exploit for Netbox This script exploits CVE-20...

Fedora: Security Advisory for bsf (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Advisory (SUSE-SU-2024:0763-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: bsf-2.4.0-54.fc40

Bean Scripting Framework BSF is a set of Java classes which provides scripting language support within Java applications, and access to Java objects and methods from scripting languages. BSF allows one to write JSPs in languages other than Java while providing access to the Java class library. In...

WinFiHack - A Windows Wifi Brute Forcing Utility Which Is An Extremely Old Method But Still Works Without The Requirement Of External Dependencies

WinFiHack is a recreational attempt by me to rewrite my previous project Brute-Hacking-Framework's main wifi hacking script that uses netsh and native Windows scripts to create a wifi bruteforcer. This is in no way a fast script nor a superior way of doing the same hack but it needs no external...

New Python-Based Snake Info Stealer Spreading Through Facebook Messages

Facebook messages are being used by threat actors to distribute a Python-based information stealer dubbed Snake that's designed to capture credentials and other sensitive data. "The credentials harvested from unsuspecting users are transmitted to different platforms such as Discord, GitHub, and...

Exploit for Server-Side Request Forgery in Fusion_Builder_Project Fusion_Builder

git clone https://github.com/s...

BIT-TENSORFLOW-2021-41213 Deadlock in mutually recursive `tf.function` objects

TensorFlow is an open source platform for machine learning. In affected versions the code behind tf.function API can be made to deadlock when two tf.function decorated Python functions are mutually recursive. This occurs due to using a non-reentrant Lock Python object. Loading any model which...

BIT-TENSORFLOW-2022-36027 Segfault TFLite converter on per-channel quantized transposed convolutions in TensorFlow

TensorFlow is an open source platform for machine learning. When converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process. We have patched the issue in GitHub commit aa0b852a4588cea4d36b74feb05d93055540b450. The fix will be...

BIT-PYTHON-2020-10735

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int"text", a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits float, decimal, int.frombytes, and int for binary bases 2, 4, 8, 16, and 32 are no...

BIT-PYTHON-2020-14422

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface...

BIT-PYTHON-2020-15801

In Python 3.8.4, sys.path restrictions specified in a python38.pth file are ignored, allowing code to be loaded from arbitrary locations. The .pth file e.g., the python.pth file is not affected...

BIT-PYTHON-2020-26116

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request...

BIT-PYTHON-2020-27619

In Python 3 through 3.9.0, the Lib/test/multibytecodecsupport.py CJK codec tests call eval on content retrieved via HTTP...