Local File Inclusion (LFI) Vulnerability

axis2 is vulnerable to a local file inclusion LFI vulnerability. It does not prevent the adding of the root directory of the binary distribution to the class path by axis2server.sh. Also the search for XSD/WSDL files is not limited to the service class loader by SimpleHTTPServer which allows...

Microsoft Event Viewer 1.0 - XML External Entity Injection

Microsoft Event Viewer 1.0 - XML External Entity Injection + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-EVENT-VIEWER-XXE-FILE-EXFILTRATION.txt + ISR: ApparitionSec + CVE: CVE-2019-0948 Vendor: ===============...

Belkin F9K1122v1 1.00.30 - Buffer Overflow (via Cross-Site Request Forgery)

import socket, sys , base64, struct, string, urllib from getopt import getopt as GetOpt, GetoptError from uuid import getnode as getmac import SimpleHTTPServer, SocketServer TIMELINE ''' 3/16/2016 - First Submission to Belkin no response 5/3/2016 - Second Submission to Belkin no response 6/4/2016...

Belkin F9K1122v1 1.00.30 - Buffer Overflow (via Cross-Site Request Forgery)

Belkin F9K1122v1 1.00.30 - Buffer Overflow via Cross-Site Request Forgery import socket, sys , base64, struct, string, urllib from getopt import getopt as GetOpt, GetoptError from uuid import getnode as getmac import SimpleHTTPServer, SocketServer TIMELINE ''' 3/16/2016 - First Submission to Belk...

Brosec - An interactive reference tool to help security professionals utilize useful payloads and commands

Brosec is a terminal based reference utility designed to help us infosec bros and broettes with useful yet sometimes complex payloads and commands that are often used during work as infosec practitioners. An example of one of Brosec's most popular use cases is the ability to generate on the fly...

PSF-2016-9 Issue #26657: HTTP server directory traversal

Fix directory traversal vulnerability with http.server and SimpleHTTPServer on Windows. Regression of Python 3.3.5. Python issue reported at 2016-03-14...

Lychee 2.7.1 Remote Code Execution

Advisory ID: SGMA15-002 Title: Lychee remote code execution Product: Lychee Version: 2.7.1 and probably prior Vendor: lychee.electerious.com Vulnerability type: Remote Code Execution Risk level: High Credit: Filippo Cavallarin - segment.technology CVE: N/A Vendor notification: 2015-04-12 Vendor...

Python CGIHTTPServer - Encoded Directory Traversal

Advisory: Python CGIHTTPServer File Disclosure and Potential Code Execution The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary CGI scripts in the server's document root...

Python CGIHTTPServer - Encoded Directory Traversal

Python CGIHTTPServer - Encoded Directory Traversal Advisory: Python CGIHTTPServer File Disclosure and Potential Code Execution The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute...

Python CGIHTTPServer File Disclosure / Code Execution

Advisory: Python CGIHTTPServer File Disclosure and Potential Code Execution The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary CGI scripts in the server's document root...

Amazon Linux AMI : python26 (ALAS-2012-98)

A denial of service flaw was found in the implementation of associative arrays dictionaries in Python. An attacker able to supply a large number of inputs to a Python application such as HTTP POST request parameters sent to a web application that are used as keys when inserting data into an array...

SuSE 11.1 Security Update : libpython2_6-1_0, libpython2_6-1_0-32bit, libpython2_6-1_0-x86, python, etc (SAT Patch Number 6310)

This update to python 2.6.8 fixes the following bugs, among others : - XMLRPC Server DoS. CVE-2012-0845, bnc747125 - hash randomization issues. CVE-2012-1150, bnc751718 - insecure creation of .pypirc. CVE-2011-4944, bnc754447 - SimpleHTTPServer XSS. CVE-2011-1015, bnc752375 - functions can accept...

Ubuntu 8.04 LTS : python2.4 vulnerabilities (USN-1613-2)

USN-1613-1 fixed vulnerabilities in Python 2.5. This update provides the corresponding updates for Python 2.4. It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit thi...

Ubuntu 8.04 LTS : python2.5 vulnerabilities (USN-1613-1)

It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. CVE-2008-5983 It was discovered that the audioop module did not correctly perform...

USN-1613-2: Python 2.4 vulnerabilities

USN-1613-1 fixed vulnerabilities in Python 2.5. This update provides the corresponding updates for Python 2.4. Original advisory details: It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working...

USN-1613-1: Python 2.5 vulnerabilities

It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. CVE-2008-5983 It was discovered that the audioop module did not correctly perform...

USN-1596-1: Python 2.6 vulnerabilities

It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. CVE-2008-5983 It was discovered that the audioop module did not correctly perform...

Ubuntu Update for python2.7 USN-1592-1

Ubuntu Update for Linux kernel vulnerabilities USN-1592-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN15921.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for python2.7 USN-1592-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net Th...

Ubuntu 11.04 / 11.10 : python2.7 vulnerabilities (USN-1592-1)

Niels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. This issue only affected Ubuntu 11.04. CVE-2011-1521 It was...

Ubuntu: Security Advisory (USN-1592-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...