966 matches found
ARD-9808 DVR Card Security Camera - GET Remote Denial of Service
ARD-9808 DVR Card Security Camera - GET Remote Denial of Service import socket import sys print "----------------------------------------------------------------" print " ARD-9808 DVR Card Security Camera = Remote Denial Of Service " print " author: Stack " print...
CVE-2008-6539
Static code injection vulnerability in user/settings/ in DeStar 0.2.2-5 allows remote authenticated users to add arbitrary administrators and inject arbitrary Python code into destarcfg.py via a crafted pin parameter...
Code injection
Static code injection vulnerability in user/settings/ in DeStar 0.2.2-5 allows remote authenticated users to add arbitrary administrators and inject arbitrary Python code into destarcfg.py via a crafted pin parameter...
CVE-2008-6539
Static code injection vulnerability in user/settings/ in DeStar 0.2.2-5 allows remote authenticated users to add arbitrary administrators and inject arbitrary Python code into destarcfg.py via a crafted pin parameter...
CVE-2008-6539
Static code injection vulnerability in user/settings/ in DeStar 0.2.2-5 allows remote authenticated users to add arbitrary administrators and inject arbitrary Python code into destarcfg.py via a crafted pin parameter...
CVE-2008-6539
The CVE-2008-6539 entry is concrete: DeStar 0.2.2-5 contains a static code injection in the user/settings/ path that allows remote authenticated users to add arbitrary administrators and inject arbitrary Python code into destar_cfg.py via a crafted pin parameter. The underlying issue is a code-in...
Debian DSA-1737-1 : wesnoth - several vulnerabilities
Several security issues have been discovered in wesnoth, a fantasy turn-based strategy game. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0366 Daniel Franke discovered that the wesnoth server is prone to a denial of service attack when receiving...
Wesnoth 1.x - PythonAI Remote Code Execution
Wesnoth 1.x - PythonAI Remote Code Execution source: https://www.securityfocus.com/bid/33971/info Wesnoth is prone to a remote code-execution vulnerability caused by a design error. Attackers can exploit this issue to execute arbitrary Python code in the context of the user running the vulnerable...
Wesnoth 1.x - PythonAI Remote Code Execution
source: https://www.securityfocus.com/bid/33971/info Wesnoth is prone to a remote code-execution vulnerability caused by a design error. Attackers can exploit this issue to execute arbitrary Python code in the context of the user running the vulnerable application. Versions prior to Wesnoth 1.5.1...
[ GLSA 200810-02 ] Portage: Untrusted search path local root vulnerability
Gentoo Linux Security Advisory GLSA 200810-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...
Portage: Untrusted search path local root vulnerability
Background Portage is Gentoo's package manager which is responsible for installing, compiling and updating all packages on the system through the Gentoo rsync tree. Description The Gentoo Security Team discovered that several ebuilds, such as sys-apps/portage, net-mail/fetchmail or app-editors/le...
RedDot CMS 7.5 - 'LngId' SQL Injection
!/usr/bin/env python un-comment your selection. import urllib2 import urllib import string import getopt import sys def banner: print print "RED DOT CMS 7.5 database enumeration" print "by Mark Crowther and Rodrigo Marcos" def usage: print print "usage:" print "python RDPOC.py options URL" print...
PacketTrap Networks pt360 2.0.39 TFTPD Remote DoS Exploit
No description provided by source. !/usr/bin/python PacketTrap Networks pt360 2.0.39 TFTPD Remote DOS Coded by Mati Aharoni muts..at..offensive-security.com http://www.offensive-security.com/0day/pt360dos.py.txt import socket import sys host = '172.16.167.134' port = 69 try:...
PacketTrap Networks pt360 2.0.39 TFTPD Remote DoS Exploit
No description provided by source. !/usr/bin/python PacketTrap Networks pt360 2.0.39 TFTPD Remote DOS Coded by Mati Aharoni muts..at..offensive-security.com http://www.offensive-security.com/0day/pt360dos.py.txt import socket import sys host = '172.16.167.134' port = 69 try: s =...
Code injection
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the 1 statusmessages or 2 linkintegrity module, which the module unpickles and executes...
CVE-2007-5741
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the 1 statusmessages or 2 linkintegrity module, which the module unpickles and executes...
CVE-2007-5741
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the 1 statusmessages or 2 linkintegrity module, which the module unpickles and executes...
[CVE-2007-5741] Plone: statusmessages and linkintegrity unsafe network data hotfix
A vulnerability in both the statusmessages and linkintegrity modules has been identified, where untrusted network data was treated as a pickle and loaded. This allows an attacker to run arbitrary python code within the Zope/Plone process. This issue has been assigned CVE-2007-5741 Affected versio...
Surgemail 38k - 'Search' Remote Buffer Overflow
!/usr/bin/python import os import sys import time import socket import struct this is imap exploit 710 bytes, tcp port 9999 bind, borrowed from skape miller inventor of megacanvas sc = "\x90" sc += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\xeb\x03\x59" sc +=...
GLSA-200704-19 : Blender: User-assisted remote execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-200704-19 Blender: User-assisted remote execution of arbitrary code Stefan Cornelius of Secunia Research discovered an insecure use of the 'eval' function in kmzImportWithMesh.py. Impact : A remote attacker could entice a user to...