966 matches found
Light Audio Player 1.0.14 Memory Corruption
!/usr/bin/python + Author: TUNISIAN CYBER + Exploit Title: Light Audio Player 1.0.14 Memory Corruption PoC + Date: 22-03-2014 + Category: DoS/PoC + Tested on: WinXp/Windows 7 Pro + Vendor: http://download.cnet.com/Light-Audio-Player/3000-21394-10791618.html + Friendly Sites:...
HackerOne: PNG compression DoS
ztxt: http://www.libpng.org/pub/png/spec/1.1/PNG-Chunks.html#C.zTXt "zTXT Documentation" tech: http://www.zlib.net/zlibtech.html "zlib technical details" zlibvuln1: http://www.kb.cert.org/vuls/id/680620 zlibvuln2: http://www.kb.cert.org/vuls/id/238678 PNG compression DoS ---------------------...
Bifrost 1.2.1 - Remote Buffer Overflow
!/usr/bin/python2.7 By : Mohamed Clay import socket from time import sleep from itertools import izip, cycle import base64 import sys def rc4cryptdata, key: x = 0 box = range256 for i in range256: x = x + boxi + ordkeyi % lenkey % 256 boxi, boxx = boxx, boxi x = 0 y = 0 out = for char in data: x ...
MoinMoin twikidraw Action Traversal File Upload Vulnerability
This Metasploit module exploits a vulnerability in MoinMoin 1.9.5. The vulnerability exists in the handling of twikidraw actions, where a traversal path can be used to upload arbitrary files. Exploitation is achieved on Apache/mod_wsgi configurations by overwriting moin.wsgi, which...
MoinMoin twikidraw Action Traversal File Upload
This module exploits a vulnerability in MoinMoin 1.9.5. The vulnerability exists in the handling of twikidraw actions, where a traversal path can be used to upload arbitrary files. Exploitation is achieved on Apache/mod_wsgi configurations by overwriting moin.wsgi, which allows to...
WinRadius 2.11 Denial Of Service
!/usr/bin/python Exploit Title: WinRadius 2.11 DoS Date: 10th June 2013 Exploit Author: npn Exploit Author Homepage: http://www.iodigitalsec.com/ Exploit Author Write Up: http://www.iodigitalsec.com/blog/fuzz-to-denial-of-service-winradius-2-11/ Vendor Homepage: ADVERT HOLDING PAGE...
Viscosity setuid-set ViscosityHelper Privilege Escalation Vulnerability
This Metasploit module exploits a vulnerability in Viscosity 1.4.1 on Mac OS X. The vulnerability exists in the setuid ViscosityHelper, where an insufficient validation of path names allows execution of arbitrary python code as root. This Metasploit module has been tested successfully on Viscosit...
CVE-2012-0861
The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents SSL certificates from being validated and allows remote attackers to execute arbitrary Python code via...
rhev: vds_installer is prone to MITM when downloading 2nd stage installer
The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents SSL certificates from being validated and allows remote attackers to execute arbitrary Python code via...
ptunnel 0.72 - Remote Denial of Service
ptunnel 0.72 - Remote Denial of Service !/usr/bin/env python =============================================================================== Exploit Title: ptunnel ' % sys.argv0 target remotehost = sys.argv1 ptunnel.h typedef struct uint32t magic, // magic number, used to identify ptunnel packets...
Splunk Search Remote Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Splunk Search...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in _ah/admin/interactive/execute (aka the Interactive Console) in the SDK Console (aka Admin Console) in the Google App Engine Python SDK before 1.5.4 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrar...
CVE-2011-1364
Cross-site request forgery (CSRF) vulnerability in _ah/admin/interactive/execute (aka the Interactive Console) in the SDK Console (aka Admin Console) in the Google App Engine Python SDK before 1.5.4 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrar...
SLP (Service Location Protocol) Denial Of Service
!/usr/bin/python ''' ================================== Pseudo documentation ================================== ''' SLPick, extension DoS release by Nicolas Gregoire ''' ================================== Imports ================================== ''' import getopt import re import sys import...
Fedora 14 : blender-2.49b-14.fc14 (2011-8474)
Fix CVE-2009-3850. This issue allows the execution of embedded python code in .blend files. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...
(cobbler): Code injection flaw (ACE as root) by processing of a specially-crafted kickstart template file
template_api.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a...
IBM Lotus Domino iCalendar - Email Address Stack Buffer Overflow
source: http://labs.mwrinfosecurity.com/advisories/lotusdominoicalstackbufferoverflow/ IBM Lotus Domino iCalendar Email Address Stack Buffer Overflow Vulnerability Package Name: Lotus Domino Server Date Reported: 2010-01-09 Affected Versions: Versions 8.0 and 8.5 on AIX, AIX 64bit, Linux, Linux...
Web Application Security Scanner: w3af
w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. Identify and exploit a SQL injection: One of the most difficult parts of securing your application is to identify the...
SQL injection in OSCommerce Add-On Visitor Web Stats
Popular OSC add-on Visitor Web Stats is completely vulnerable to SQL injections. Although it uses request data (i.e. the Accept-Language header), there's no escaping at all. This also applies to the extension's derivative for OSC 3, whose author completely inherited the insufficient code structure...