Valid8Proxy - Tool Designed For Fetching, Validating, And Storing Working Proxies

Valid8Proxy is a versatile and user-friendly tool designed for fetching, validating, and storing working proxies. Whether you need proxies for web scraping, data anonymization, or testing network security, Valid8Proxy simplifies the process by providing a seamless way to obtain reliable and...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-aiohttp (SUSE-SU-2024:0033-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0033-1 advisory. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation mad...

Security Bulletin: Vulnerabilities in Watson NLP and WebSphere Liberty may affect IBM Robotic Process Automation for Cloud Pak

Summary Python is used by IBM Robotic Process Automation for Cloud Pak as part of Watson NLP and WebSphere Liberty. CVE-2022-48565. GNU gdb is used by IBM Robotic Process Automation for Cloud Pak as part of WebSphere Liberty and base container images. CVE-2023-39129. Vulnerability Details...

RansomwareSim - A Simulated Ransomware

Overview RansomwareSim is a simulated ransomware application developed for educational and training purposes. It is designed to demonstrate how ransomware encrypts files on a system and communicates with a command-and-control server. This tool is strictly for educational use and should not be use...

Joblib: Arbitrary Code Execution

Background Joblib is a set of tools to provide lightweight pipelining in Python. In particular: 1. transparent disk-caching of functions and lazy re-evaluation memoize pattern 2. easy simple parallel computing Joblib is optimized to be fast and robust on large data in particular and has specific...

CVE-2023-51663

Hail is an open-source, general-purpose, Python-based data analysis tool with additional data types and methods for working with genomic data. Hail relies on OpenID Connect OIDC email addresses from ID tokens to verify the validity of a user's domain, but because users have the ability to change...

Design/Logic Flaw

Hail is an open-source, general-purpose, Python-based data analysis tool with additional data types and methods for working with genomic data. Hail relies on OpenID Connect OIDC email addresses from ID tokens to verify the validity of a user's domain, but because users have the ability to change...

CVE-2023-51663

Hail authentication issue (CVE-2023-51663) affects Hail with Hail Batch accounts. Root cause: relying on OIDC email addresses to verify user domain; users can change their emails, enabling creation of Hail Batch accounts in domains they shouldn’t access. Impact stated: attacker cannot access priv...

CVE-2020-17163

CVE-2020-17163 affects the Visual Studio Code Python Extension. Multiple sources (including PT-2021-2504) describe a vulnerability due to incorrect code generation management that can lead to arbitrary code execution, with the CVSS vector indicating a LOCAL attack vector and user interaction requ...

[SECURITY] Fedora 38 Update: python3.10-3.10.13-2.fc38

Python 3.10 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.10 package provides the "python3.10" executable:...

Exploit for Missing Authorization in Zoneminder

Exploit - ZoneMinder CVE-2023-26035 There is a Unauthentica...

[SECURITY] Fedora 39 Update: python3.12-3.12.1-2.fc39

Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries...

Open redirect vulnerability in Flask-Security-Too

An open redirect vulnerability in the python package Flask-Security-Too =2.1.0 the autocorrectlocationheader configuration was changed to False - which means that location headers in redirects are relative by default. Thus, this issue may impact applications that were previously not impacted, if...

NewStart CGSL MAIN 6.06 : python-lxml Vulnerability (NS-SA-2023-0098)

The remote NewStart CGSL host, running version MAIN 6.06, has python-lxml packages installed that are affected by a vulnerability: - lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass...

Exploit for Code Injection in Craftcms Craft_Cms

Craft CMS CVE-2023-41892 There is a Unauthenticated Remote...

Exploit for Server-Side Request Forgery in Naviwebs Navigate_Cms

It is an exploit module targeting Apache HTTP Server. The targe...

Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar

winDED Custom exploit for CVE-2023-38831 using python. Int...

KnowsMore - A Swiss Army Knife Tool For Pentesting Microsoft Active Directory (NTLM Hashes, BloodHound, NTDS And DCSync)

KnowsMore officially supports Python 3.8+. Main features Import NTLM Hashes from .ntds output txt file generated by CrackMapExec or secretsdump.py Import NTLM Hashes from NTDS.dit and SYSTEM Import Cracked NTLM hashes from hashcat output file Import BloodHound ZIP or JSON file BloodHound importer...

Ceph: Root Privilege Escalation

Background Ceph is a distributed network file system designed to provide excellent performance, reliability, and scalability. Description A vulnerability has been discovered in Ceph. Please review the CVE identifier referenced below for details. Impact The ceph-crash.service runs the ceph-crash...

CVE-2023-51449

Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitary Python function. Versions of gradio prior to 4.11.0 contained a vulnerability in the /file route which made them susceptible to file traversal...