10 matches found
pyLoad: Improper Neutralization of Special Elements used in an OS Command
Summary: The ADMINONLYOPTIONS protection mechanism restricts security-critical configuration values (reconnect scripts, SSL certs, proxy credentials) to admin-only access. However, this protection is only applied to core config options, not to plugin config options. The AntiVirus plugin stores an...
Bug Bounty Report: Command Injection Vulnerability in subprocess Call
This report is not public...
ansys-geometry-core OS Command Injection vulnerability
subprocess call with shell=True identified, security issue. Code On file src/ansys/geometry/core/connection/productinstance.py: 403 def startprogramargs: Liststr, localenv: Dictstr, str - subprocess.Popen: 404 """ 405 Start the program where the path is the first item of the args array argument...
PT-2024-22792
Name of the Vulnerable Software and Affected Versions: PyAnsys Geometry versions prior to 0.3.3; PyAnsys Geometry versions prior to 0.4.12. Description: The issue concerns a Python client library for the Ansys Geometry service and other CAD Ansys products. Upon calling the start program method...
Command Injection
paddlepaddle is vulnerable to Command Injection. The vulnerability is caused by a lack of proper input validation of the user-supplied savepath and name parameters, which are incorporated directly into the subprocess call. This can lead to command injection...
Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting.
...
TCPDump 4.5.1 Crash Proof Of Concept
Exploit Title: tcpdump 4.5.1 Access Violation Crash Date: 31st May 2016 Exploit Author: David Silveiro Vendor Homepage: http://www.tcpdump.org Software Link: http://www.tcpdump.org/release/tcpdump-4.5.1.tar.gz Version: 4.5.1 Tested on: Ubuntu 14 LTS from subprocess import call from shlex import...
TRN Threaded USENET News Reader 3.6-23 - Local Stack Overflow
TRN Threaded USENET News Reader 3.6-23 - Local Stack Overflow Exploit developed using Exploit Pack v5.4 Exploit Author: Juan Sacco - http://www.exploitpack.com Program affected: Threaded USENET news reader Version: 3.6-23 Tested and developed under: Kali Linux 2.0 x86 -...
Exploit-Tutorial-1
This is a module that will help you learn the basics of exploit development, the focus on this one is a stack-buffer type of overflow and the platform used is GNU/Linux. Basic Buffer Overflow for Linux - Part of the Exploit Pack Tutorials The following exploit code has been written in Python and...
HTML-Help-Workshop-1.4
Date: 31/08/2014 Author: mr.pr0n @pr0n Homepage: http://ghostinthelab.wordpress.com/ Software Link: http://msdn.microsoft.com/en-us/library/windows/desktop/ms669985%28v=vs.85%29.aspx Version: 1.4 Tested on: Windows XP SP3 / Windows 7 Pro import subprocess junk = "A" 832 Junk bytes nseh =...