Plex Unpickle Dict Windows Remote Code Execution Exploit

This Metasploit module exploits an authenticated Python unsafe pickle.load of a Dict file. An authenticated attacker can create a photo library and add arbitrary files to it. After setting the Windows only Plex variable LocalAppDataPath to the newly created photo library, a file named Dict will b...

CVE-2014-3539

CVE-2014-3539 affects the Rope library used with CPython (Python). The issue is triggered by an unsafe call to pickle.load in base/oi/doa.py, enabling remote code execution. NVD data shows high/critical impact (NETWORK, no auth, user interaction not required) with propagation of partial integrity...