12247 matches found
Scdbg 1.0 - Buffer overflow DoS Vulnerability
Exploit Title: Scdbg 1.0 - Buffer overflow DoS Discovery by: Rafael Pedrero Vendor Homepage: http://sandsprite.com/blogs/index.php?uid=7&pid=152 Software Link : https://github.com/dzzie/VSLIBEMU Tested Version: 1.0 - Compile date: Jun 3 2021 20:57:45 Tested on: Windows 7, 10 CVSS v3: 7.5 CVSS...
D-Link DIR 819 A1 - Denial of Service Exploit
Exploit Title: DLink DIR 819 A1 - Denial of Service Date: 30th September, 2022 Exploit Author: @whokilleddb https://twitter.com/whokilleddb Vendor Homepage: https://www.dlink.com/en/products/dir-819-wireless-ac750-dual-band-router Version: DIR-819 Firmware Version : 1.06 Hardware Version : A1...
Zentao Project Management System 17.0 - Authenticated Remote Code Execution (RCE)
Exploit Title: Zentao Project Management System 17.0 - Authenticated Remote Code Execution RCE Exploit Author: mister0xf Date: 2022-10-8 Software Link: https://github.com/easysoft/zentaopms Version: tested on 17.0 probably works also on newer/older versions Tested On: Kali Linux 2022.2 Exploit...
redis-py Race Condition due to incomplete fix
redis-py through 4.5.3 and 4.4.3 leaves a connection open after canceling an async Redis command at an inopportune time in the case of a non-pipeline operation, and can send response data to the client of an unrelated request. NOTE: this issue exists because of an incomplete fix for CVE-2023-2885...
Exploit for Path Traversal in Scriptcase
CVE-2022-32199 ScriptCase python CVE-2022-32...
Updated python-owslib packages fix security vulnerability
XML External Entity XXE Injection CVE-2023-27476...
Updated python-flask-security packages fix security vulnerability
Open redirect CVE-2021-23385...
[SECURITY] Fedora 37 Update: python-cairosvg-2.7.0-1.fc37
CairoSVG is a SVG 1.1 to PNG, PDF, PS and SVG converter which can also be used as a Python library...
Bitbucket v7.0.0 - RCE
Exploit Title: Bitbucket v7.0.0 - RCE Date: 09-23-2022 Exploit Author: khal4n1 Vendor Homepage: https://github.com/khal4n1 Tested on: Kali and ubuntu LTS 22.04 CVE : cve-2022-36804 The following exploit is used to exploit a vulnerability present Atlassian Bitbucket Server and Data Center 7.0.0...
CVE-2023-28117
Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitiv...
CVE-2023-28117
Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitiv...
Design/Logic Flaw
Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitiv...
CVE-2023-28117
CVE-2023-28117 affects the Sentry SDK for Python (Django integration) prior to 1.14.0. When sendDefaultPII is True and a custom SESSION_COOKIE_NAME or CSRF_COOKIE_NAME is used, cookies (including session cookies) can be leaked to Sentry, potentially enabling impersonation or privilege escalation ...
CVE-2023-28117 Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True`
Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitiv...
CVE-2023-28117 Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True`
Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitiv...
Exploit for Out-of-bounds Write in Fortinet Fortios
cve-2022-42475 POC code to exploit the Heap overflow in Fortin...
Python CGI Documentation Cross Site Scripting
Is there low hanging fruit for the following observation? The documentation of the python cgi module is vulnerable to XSS cross site scripting https://docs.python.org/3/library/cgi.html form = cgi.FieldStorage print"name:", form"name".value print"addr:", form"addr".value First result on google fo...
SUSE SLES12 Security Update : python-cffi (SUSE-SU-2023:0837-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0837-1 advisory. - cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions...
Exploit for Improper Input Validation in Microsoft
CVE-2023-23397 Outlook Privilege Escalation Proof of Concept...
CVE-2018-25082
A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/toxml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The patc...