Apport Arbitrary Code Execution Vulnerability
Ubuntu is a desktop-oriented GNU/Linux operating system developed by Canonical and the Ubuntu Foundation, and Apport is a toolkit that collects and reports error information that the operating system finds useful when an application crashes. A security vulnerability exists in versio...
ntop-ng 2.5.160805 Username Enumeration
Exploit title: ntopng user enumeration Author: Dolev Farhi Contact: dolevf at protonmail.com Date: 04-08-2016 Vendor homepage: ntop.org Software version: v.2.5.160805 !/usr/env/python import os import sys import urllib import urllib2 import cookielib server = 'ip.add.re.ss' username = 'ntopng-use...
CVE-2016-9949
An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "". This allows remote attackers to execute arbitrary Python code...
Code injection
An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "". This allows remote attackers to execute arbitrary Python code...
Immunity Canvas: APPORT_CRASH_HANDLER
Name | apportcrashhandler
---|---
CVE | CVE-2016-9949
Exploit Pack | CANVAS
Description | Ubuntu Apport Crash Handler RCE
Notes | CVE Name: CVE-2016-9949 Vendor: Ubuntu Notes: This module creates a crafted Apport crash file report that seems to be a simple text file. When the text file is double click...
CVE-2016-9949
An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "". This allows remote attackers to execute arbitrary Python code...
CVE-2016-9949
An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "". This allows remote attackers to execute arbitrary Python code...
Ubuntu 14.04 LTS / 16.04 LTS : Apport vulnerabilities (USN-3157-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3157-1 advisory. Donncha O Cearbhaill discovered that the crash file parser in Apport improperly treated the CrashDB field as Python code. An attacker could u...
UBUNTU-CVE-2016-9949
An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "". This allows remote attackers to execute arbitrary Python code...
CVE-2016-9949
An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "". This allows remote attackers to execute arbitrary Python code...
SAP HANA Sinopia - default user creation policy insecure
Application: SAP HANA Versions Affected: SAP HANA SPS12 Vendor URL: SAP Bug: Insecure default configuration Reported: 13.12.2016 Vendor response: 14.12.2016 Date of Public Advisory: 14.02.2017 Reference: SAP Security Note 2407694 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class:...
Memcached 1.4.33 - Add (PoC)
Memcached 1.4.33 - Add PoC Source: http://paper.seebug.org/95/ import struct import socket import sys MEMCACHEDREQUESTMAGIC = "\x80" OPCODEADD = "\x02" keylen = struct.pack"!H",0xfa extralen = "\x08" datatype = "\x00" vbucket = "\x00\x00" bodylen = struct.pack"!I",0xffffffd0 opaque =...
CIScan 1.00 - HostnameIP Field Crash (PoC)
CIScan 1.00 - HostnameIP Field Crash PoC !/usr/bin/env python -- coding: utf-8 -- Exploit Title : CIScanv1.00 Hostname/IP Field Local BoF PoC Discovery by : Irving Aguilar Email : [email protected] Discovery Date : 05.05.2016 Software Link :...
Uber: uber.com may RCE by Flask Jinja2 Template Injection
Hi, Uber Security Team. I found an RCE in rider.uber.com. First, if you change your profile name to '7'7 , you will receive a mail "Your Uber account information has been updated" sent by [email protected]. And in the mail body, you can see your name become '7777777'. This is a vulnerability about...
KeePass Password Safe Classic 1.29 - Crash
1 . run python code : python crash.py 2 . open “KeePass” 3 . File — New Create New Password Database 4 . File — Import — CSV File… 5 . open r3z4.csv 6 . Right Click on “R3Z4” username and edit 7 . Crashed crash.py: !/usr/bin/env python hdr = '"' start syntax hcr = "R3Z4" user oth = ',"' user oth2...
KeePass Password Safe Classic 1.29 - Crash (PoC)
Title : KeePass Password Safe Classic 1.29 - Crash Proof Of Concept Affected Versions: All Version Founder : keepass.info Tested on Windows 7 / Server 2008 Download Link : http://sourceforge.net/projects/keepass/files/KeePass%201.x/1.30/KeePass-1.30.zip Author : Mohammad Reza Espargham Linkedin :...
KeePass Password Safe Classic 1.29 Buffer Overflow
Title : KeePass Password Safe Classic 1.29 - Crash Proof Of Concept Affected Versions: All Version Founder : keepass.info Tested on Windows 7 / Server 2008 Download Link : http://sourceforge.net/projects/keepass/files/KeePass%201.x/1.30/KeePass-1.30.zip Author : Mohammad Reza Espargham Linkedin :...
DEBIAN-CVE-2015-5306
OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error...
PYSEC-2015-28
OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error...
Code injection
OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error...