PhoneSploit-Pro - An All-In-One Hacking Tool To Remotely Exploit Android Devices Using ADB And Metasploit-Framework To Get A Meterpreter Session
An all-in-one hacking tool written in Python to remotely exploit Android devices using ADB (Android Debug Bridge) and Metasploit-Framework. Complete automation to get a Meterpreter session in one click. This tool can automatically create, install, and run a payload on the target device using...
K000133652: Python vulnerability CVE-2018-18074
Security Advisory Description The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. CVE-2018-18074 Impact Fo...
K000133448: Python urllib3 vulnerability CVE-2019-11324
Security Advisory Description The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct...
Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.
Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Golang Go is used by IBM Robotic Process Automation as part of the operator CVE-2022-2879, CVE-2022-2880, CVE-2022-41715, CVE-2022-41716, CVE-2022-41721. Python is used by IBM Robotic Process...
XWiki 7.2-rc-1 < 13.10.11, 14.x < 14.4.7, 14.5.x < 14.10 Code Injection Vulnerability (GHSA-f4v8-58f6-mwj4)
XWiki is prone to a code injection vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki"; ifdescription...
XWiki 13.2-rc-1 < 13.10.11, 14.x < 14.4.7, 14.5.x < 14.10 Code Injection Vulnerability (GHSA-p9mj-v5mf-m82x)
XWiki is prone to a code injection vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki"; ifdescription...
Exploit for Improper Access Control in Papercut Papercut_Mf
CVE-2023-27350 Exploit POC. This is a Proof of Concept (POC) explo...
PT-2024-16796
Name of the Vulnerable Software and Affected Versions: Python urllib.parse module (affected versions not specified). Description: The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts, allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to R...
Exploit for Cleartext Storage of Sensitive Information in Strapi
It is an exploit module for Apache HTTP Server. The target produ...
KubeStalk - Discovers Kubernetes And Related Infrastructure Based Attack Surface From A Black-Box Perspective
KubeStalk is a tool to discover Kubernetes and related infrastructure based attack surface from a black-box perspective. This tool is a community version of the tool used to probe for unsecured Kubernetes clusters around the internet during Project Resonance - Wave 9. Usage The GIF below...
Exploit for Server-Side Request Forgery in Microsoft
CVE-2021-26855 This is a modified version of a POC for proxyl...
Duplicate Advisory: Starlette allows an unauthenticated and remote attacker to specify any number of form fields or files
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-74m5-2c7w-9w3x. This link is maintained to preserve external references. Original Description: The MultipartParser usage in Encode's Starlette Python framework before versions 0.25.0 allows an unauthenticated a...
CVE-2023-30798
The MultipartParser usage in Encode's Starlette Python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service...
PYSEC-2023-48
The MultipartParser usage in Encode's Starlette Python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service...
CVE-2023-30798
CVE-2023-30798 affects Starlette’s multipart handling via the python-multipart MultipartParser prior to 0.25.0. An unauthenticated remote attacker can exploit unlimited form fields/parts to trigger high memory usage and a denial-of-service of the HTTP service. Public documents confirm Encode Star...
XWiki Platform vulnerable to code injection from account/view through VFS Tree macro
Impact Any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of Macro.VFSTreeMacro. This page is not installed by default. See https://jira.xwiki.org/browse/XWIKI-20260 for the...
GHSA-3989-4C6X-725F XWiki Platform vulnerable to privilege escalation from view right on XWiki.AttachmentSelector
Impact Any user with view rights on XWiki.AttachmentSelector can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping in the "Cancel and return to page" button. This page is installed by default. See...
xwiki-platform-web-templates vulnerable to Eval Injection
Impact: Any user with edit rights on a page (e.g., its own user page) can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the information loaded from attachments in imported.vm, importinline.vm, and...
Security Bulletin: Python is vulnerable to CVE-2022-26488 used in IBM Maximo Application Suite
Summary IBM Maximo Application Suite uses Python which is vulnerable to CVE-2022-26488 Vulnerability Details CVEID:CVE-2022-26488 DESCRIPTION: Python could allow a local authenticated attacker to gain elevated privileges on the system, caused by an issue when the search path is inadequately...