Full Disclosure

Syndicate content
A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Updated: 1 hour 38 min ago

CVE-2019-16261 (UPDATE): Unauthenticated POST requests to Tripp Lite UPS Systems

20 March, 2025 - 07:17

Posted by Lucas Lalumière on Mar 20

[Author]: Lucas Lalumiere
[Contact]: lucas.lalum () gmail com
[Date]: 2025-3-17
[Vendor]: Tripp Lite
[Product]: SU750XL UPS
[Firmware]: 12.04.0052
[CVE Reference]: CVE-2019-16261

============================
Affected Products (Tested):
============================
- Tripp Lite PDU's (e.g., PDUMH15AT)
- Tripp Lite UPS's (e.g., SU750XL) *NEW*

======================
Vulnerability Summary:
======================
CVE-2019-16261 describes...

Multiple sandbox escapes in asteval python sandboxing module

11 March, 2025 - 13:02

Posted by areca-palm via Fulldisclosure on Mar 11

[CVE pending]

Sandboxing Python is notoriously difficult, the Python module "asteval" is no exception. Add to this the fact that a
large set of numpy functions are exposed within the sandbox by default.
Versions <=1.06 are vulnerable.
This vuln has been disclosed to the maintainer, who closed the security advisory and has since pushed his own fix to
master. A CVE is still pending. Publishing the vulnerability through this list...