55 matches found
Design/Logic Flaw
A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated, local attacker to access the Bash shell of an affected device's operating system, even if the Bash...
CVE-2017-12340
CVE-2017-12340 affects Cisco NX-OS System Software on Cisco MDS Multilayer Director Switches, Nexus 7000, and Nexus 7700 series. The flaw is due to insufficient sanitization of user-supplied parameters in the Python scripting sandbox, enabling an authenticated, local attacker to escape the sandbo...
Cisco Multilayer Director, Nexus 7000 Series, and Nexus 7700 Series Switches Bash Shell Unauthorized Access Vulnerability
A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated, local attacker to access the Bash shell of an affected device's operating system, even if the Bash...
Cisco NX-OS Python Scripting Engine Elevation of Privilege Vulnerability
Cisco NX-OS software is a data center-class operating system that embodies modular design, sustainability, and maintainability. A security vulnerability exists in Cisco NX-OS that allows a user with locally executable Python scripts to elevate privileges on the Python subsystem to execute arbitra...
CVE-2017-12301
A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient sanitization of...
Design/Logic Flaw
A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient sanitization of...
PyREBox, a Python Scriptable Reverse Engineering Sandbox
This post was authored by Xabier Ugarte Pedrero. In Talos, we are continuously trying to improve our research and threat intelligence capabilities. As a consequence, we not only leverage standard tools for analysis, but we also focus our efforts on innovation, developing our own technology to...
Discuz plug-in Bluegrass today wechat voting rights limit and brush votes vulnerability with python scripting-vulnerability warning-the black bar safety net
Two days before the bunch of friends online canvassing, feeling that something in the programmer before it is an irony (me is the programmer before me, when a programmer there are always people that you will be stolen QQ, attack, repair the computer...) Directly into the theme, with to Tools: 1...
Cisco Nexus 7000 Devices Virtual Device Context Privilege Escalation Vulnerability (Cisco-SA-20150630-CVE-2015-4231)
A privilege escalation vulnerability in the Python scripting subsystem of Cisco Nexus 7000 devices that have been configured with multiple virtual device contexts (VDCs) could allow an authenticated, local attacker to delete files owned by a different VDC on the device. Copyright (C) 2016 Greenbone...
NetUSB Stack Buffer Overflow
!/usr/bin/env python -- coding: utf-8 -- import socket import sys import random import string import time import struct from Crypto.Cipher import AES pip install pycrypto DOSBYTES = 128 BoF TIMEOUT = 5 RECVSIZE = 16 PORTDEFAULT = 20005 AESKey =...
Cisco NX-OS Python Scripting Engine Root Access Vulnerability
Cisco NX-OS software is a data center-class operating system that embodies modular design, sustainability, and maintainability. Cisco NX-OS has a security vulnerability that allows a user with locally executable Python scripts to elevate privileges on the Python subsystem and gain root privileges...
Cisco Nexus 7000 Device Local Elevation of Privilege Vulnerability
The Cisco Nexus 7000 Series switches help create the network infrastructure platform needed for next-generation unified array data centers. Multiple elevation of privilege vulnerabilities exist in the Python scripting subsystem on Cisco Nexus 7000 devices configured with multiple VDCs, which can ...
Cisco Nexus 7000 Devices Virtual Device Context Privilege Escalation Vulnerability
A privilege escalation vulnerability in the Python scripting subsystem of Cisco Nexus 7000 devices that have been configured with multiple virtual device contexts (VDCs) could allow an authenticated, local attacker to delete files owned by a different VDC on the device. The vulnerability exists due...
PeerFTP Server <= 4.01 - Remote Crash PoC
No description provided by source. !/usr/bin/python PeerFTP Server =v4.01 Remote Crash PoC written by localh0t Date: 19/03/12 Contact: [email protected] Follow: @mattdch www.localh0t.com.ar from socket import import sys, struct, os if lensys.argv 3: print \nPeerFTP Server =v4.01 Remote Crash PoC...
Scientific Linux Security Update : openoffice.org2 on SL4.x i386/x86_64
A flaw was found in the way OpenOffice.org enforced a macro security setting for macros, written in the Python scripting language, that were embedded in OpenOffice.org documents. If a user were tricked into opening a specially crafted OpenOffice.org document and previewed the macro directory...
Scientific Linux Security Update : openoffice.org on SL5.x i386/x86_64
A flaw was found in the way OpenOffice.org enforced a macro security setting for macros, written in the Python scripting language, that were embedded in OpenOffice.org documents. If a user were tricked into opening a specially crafted OpenOffice.org document and previewed the macro directory...
minerCPP 0.4b Buffer Overflow / Format String
!/usr/bin/env python minerCPP 0.4b Remote BOF+Format String Attack Exploit Software Link: http://sourceforge.net/projects/minercpp/ Author: l3D Sites: http://xraysecurity.blogspot.com, http://nullbyte.org.il IRC: irc://irc.nix.co.il Email: [email protected] Tested on Windows 7 In order to make...
Fedora 12 : openoffice.org-3.1.1-19.32.fc12 (2010-9576)
A security vulnerability in OpenOffice.org, related to python scripting, might lead to unexpected code execution when using the built-in scripting IDE for exploring python code. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security...
openoffice.org security update
CentOS Errata and Security Advisory CESA-2010:0459 Updated openoffice.org packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System...
Moderate: Red Hat Security Advisory: openoffice.org security update
Updated openoffice.org packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...