349 matches found
Deserialization of Untrusted Data in PyYAML
PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and loadall functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342...
GHSA-3PQX-4FQF-J49F Deserialization of Untrusted Data in PyYAML
PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and loadall functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342...
glFTPd 2.11a - Remote Denial of Service
Exploit Title: glFTPd 2.11a - Remote Denial of Service Date: 15/05/2021 Exploit Author: xynmaps Vendor Homepage: https://glftpd.io/ Software Link: https://glftpd.io/files/glftpd-LNX-2.11a1.1.1kx64.tgz Version: 2.11a Tested on: Parrot Security OS 5.9.0 ------------------------------- encoding=utf8...
vsftpd 3.0.3 - Remote Denial of Service Exploit
Exploit Title: vsftpd 3.0.3 - Remote Denial of Service Exploit Author: xynmaps Vendor Homepage: https://security.appspot.com/vsftpd.html Software Link: https://security.appspot.com/downloads/vsftpd-3.0.3.tar.gz Version: 3.0.3 Tested on: Parrot Security OS 5.9.0 -------------------------------...
Npm port-killer 操作系统命令注入漏洞
Npm port-killer is an application from Npm. It provides a function to terminate a process running on a given port. An operating system command injection vulnerability exists in Npm port-killer, which uses sub-processes to execute functions without input checking...
Huawei EulerOS: Security Advisory for bzr (EulerOS-SA-2021-1283)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Pure-FTPd 1.0.48 - Remote Denial of Service
Exploit Title: Pure-FTPd 1.0.48 - Remote Denial of Service Date: 2020. nov. 26., 09:32:17 CET Exploit Author: xynmaps Vendor Homepage: https://www.pureftpd.org/project/pure-ftpd/ Software Link: https://github.com/jedisct1/pure-ftpd/ Version: 1.0.48 Tested on: Parrot Security OS 5.9.0 encoding=utf...
EulerOS Virtualization 3.0.6.6 : PyYAML (EulerOS-SA-2020-2475)
According to the versions of the PyYAML package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability in the implementation of the Short Message Service SMS handling functionality of Cisco IOS Software and Cisco IOS ...
SAP 3D Visual Enterprise Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...
Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting
...
Researcher Demonstrates Several Zoom Vulnerabilities at DEF CON 28
Popular video conferencing app Zoom has addressed several security vulnerabilities, two of which affect its Linux client that could have allowed an attacker with access to a compromised system to read and exfiltrate Zoom user data—and even run stealthy malware as a sub-process of a trusted...
GLSA-202006-05 : Nokogiri: Command injection
The remote host is affected by the vulnerability described in GLSA-202006-05 Nokogiri: Command injection A command injection vulnerability in Nokogiri allows commands to be executed in a subprocess by Rubys Kernel.open method. Processes are vulnerable only if the undocumented method...
PHP-Fusion 9.03.60 PHP Object Injection / SQL Injection
Exploit Title: PHP-Fusion v9.03.60, PHP Object Injection to SQL injection pre-auth Date: 2020-05-26 Exploit Author: coiffeur Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link: https://www.php-fusion.co.uk/phpfusion9downloads.php Version: v9.03.60 import sys import requests impo...
SUSE SLES12 Security Update : glibc (SUSE-SU-2020:0832-1)
This update for glibc fixes the following issues : CVE-2020-1752: Fixed a use after free in glob which could have allowed a local attacker to create a specially crafted path that, when processed by the glob function, could potentially have led to arbitrary code execution bsc1167631. CVE-2020-1751...
EulerOS Virtualization for ARM 64 3.0.6.0 : PyYAML (EulerOS-SA-2020-1371)
According to the version of the PyYAML package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and loadall functions because of a class deserializatio...
EulerOS 2.0 SP8 : PyYAML (EulerOS-SA-2020-1297)
According to the version of the PyYAML packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and loadall functions because of a class deserialization issue, e.g., Popen is a...
DEBIAN-CVE-2020-1734
A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by...
CVE-2020-1734
A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by...
UBUNTU-CVE-2020-1734
A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by...
PYSEC-2020-6
A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by...