jithinodattu

2 exploits Active since Aug 2007

CVE-2007-4559 NOMISEC CRITICAL WORKING POC

Python < 3.6.16 - Path Traversal via Tarfile Extract Functions

Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.

CVSS 9.8

View Code

CVE-2023-24329 NOMISEC HIGH WORKING POC

Python < 3.11.4 - URL Blocklist Bypass via Leading Blank Characters in urllib.parse

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.

CVSS 7.5

View Code