TP-Link TL-WR902AC firmware 210730 (V3) - Remote Code Execution (Authenticated) Exploit

!/usr/bin/python3 Exploit Title: TP-Link TL-WR902AC firmware 210730 V3 - Remote Code Execution RCE Authenticated Exploit Author: Tobias Müller Date: 2022-12-01 Version: TL-WR902ACEUV30.9.1 Build 220329 Vendor Homepage: https://www.tp-link.com/ Tested On: TP-Link TL-WR902AC Vulnerability...

GitLab v15.3 - Remote Code Execution (Authenticated) Exploit

Exploit Title: GitLab v15.3 - Remote Code Execution RCE Authenticated Exploit Author: Antonio Francesco Sardella Vendor Homepage: https://about.gitlab.com/ Software Link: https://about.gitlab.com/install/ Version: GitLab CE/EE, all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to...

Fedora: Security Advisory for mingw-python-certifi (FEDORA-2023-7ed04fe4a7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

mindsdb arbitrary file write when extracting a remotely retrieved Tarball

Summary An unsafe extraction is being performed using tarfile.extractall from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. Sometimes, the vulnerability is called a TarSlip or a ZipSlip variant. Details I commented the following...

[SECURITY] Fedora 37 Update: mingw-python-certifi-2022.12.7-1.fc37

MinGW Windows Python certifi...

[SECURITY] Fedora 36 Update: mingw-python-certifi-2022.12.7-1.fc36

MinGW Windows Python certifi...

[SECURITY] Fedora 36 Update: python-cairosvg-2.7.0-1.fc36

CairoSVG is a SVG 1.1 to PNG, PDF, PS and SVG converter which can also be used as a Python library...

[SECURITY] Fedora 38 Update: mingw-python-certifi-2022.12.7-1.fc38

MinGW Windows Python certifi...

[SECURITY] Fedora 38 Update: python-cairosvg-2.7.0-1.fc38

CairoSVG is a SVG 1.1 to PNG, PDF, PS and SVG converter which can also be used as a Python library...

Inbit Messenger 4.9.0 SEH Overflow

Exploit Title: Inbit Messenger v4.9.0 - Unauthenticated Remote SEH Overflow Date: 11/08/2022 Exploit Author: a-rey Vendor Homepage: http://www.inbit.com/support.html Software Link: http://www.softsea.com/review/Inbit-Messenger-Basic-Edition.html Version: v4.6.0 - v4.9.0 Tested on: Windows XP SP3,...

Covenant 0.5 Remote Code Execution

Exploit Title: Covenant v0.5 - Remote Code Execution RCE Exploit Author: xThaz Author website: https://xthaz.fr/ Date: 2022-09-11 Vendor Homepage: https://cobbr.io/Covenant.html Software Link: https://github.com/cobbr/Covenant Version: v0.1.3 - v0.5 Tested on: Windows 11 compiled covenant Windows...

ZTE-H108NS Router - Stack Buffer Overflow Exploit

Exploit Title: ZTE-H108NS - Stack Buffer Overflow DoS Exploit Author: George Tsimpidas Vendor: https://www.zte.com.cn/global/ Firmware: H108NSV1.0.7uZRDGR2A68 Usage: python zte-exploit.py CVE: N/A Tested on: Debian 5.18.5 !/usr/bin/python3 import sys import socket from time import sleep host =...

Router ZTE-H108NS - Stack Buffer Overflow (DoS)

Exploit Title: ZTE-H108NS - Stack Buffer Overflow DoS Date: 19-11-2022 Exploit Author: George Tsimpidas Vendor: https://www.zte.com.cn/global/ Firmware: H108NSV1.0.7uZRDGR2A68 Usage: python zte-exploit.py CVE: N/A Tested on: Debian 5.18.5 !/usr/bin/python3 import sys import socket from time impor...

SUSE SLES15 / openSUSE 15 Security Update : python-Werkzeug (SUSE-SU-2023:1664-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1664-1 advisory. - Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will...

Fedora: Security Advisory for mingw-python-certifi (FEDORA-2023-bc1545f9bc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

XML External Entity (XXE) injection in sympy

Description Sympy is an open source platform that a computer algebra system written in pure Python . Sympy is vulnerable to an XML External Entity XXE injection in the applyxsl functionality of Sympy due to the usage of etree.XML. Proof of Concept // PoC.py from sympy.utilities.mathml import...

The vulnerability of the Lib/webbrowser.py component in the Python programming language allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the Lib/webbrowser.py component of the Python interpreter is related to insufficient neutralization of special elements in requests. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service failures...

lambdaisland/uri `authority-regex` returns the wrong authority

Summary authority-regex allows an attacker to send malicious URLs to be parsed by the lambdaisland/uri and return the wrong authority. This issue is similar to CVE-2020-8910. Details https://github.com/lambdaisland/uri/blob/d3355fcd3e235238f4dcd37be97787a84e580072/src/lambdaisland/uri.cljcL9 This...

Scdbg 1.0 Denial Of Service

Exploit Title: Scdbg 1.0 - Buffer overflow DoS Discovery by: Rafael Pedrero Discovery Date: 2021-06-13 Vendor Homepage: http://sandsprite.com/blogs/index.php?uid=7&pid=152 Software Link : https://github.com/dzzie/VSLIBEMU Tested Version: 1.0 - Compile date: Jun 3 2021 20:57:45 Tested on: Windows ...

Sysax Multi Server 6.95 Denial Of Service

Exploit Title: Sysax Multi Server 6.95 - 'Password' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2022-10-05 Vendor Homepage: https://www.sysax.com/ Software Link: https://www.sysax.com/download/sysaxservsetup.msi Tested Version: 6.95 Vulnerability Type: Denial of Service DoS...