DEBIAN-CVE-2016-0787

The diffiehellmansha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."...

UBUNTU-CVE-2016-0787

The diffiehellmansha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes confusion bug."...

Linux/x86_64 - bindshell PORT: 5600 - 81 bytes

Linux/x8664 - bindshell PORT: 5600 - 81 bytes. Shellcode exploit for linx86-64 platform / --------------------------------------------------------------------------------------------------- Linux/x8664 - bindshell PORT: 5600 - 81 bytes Ajith Kp @ajithkp560 http://www.terminalcoders.blogspot.com O...

Linux/x86_x64 - execve/bin/sh - 26 bytes

Linux/x86x64 - execve/bin/sh - 26 bytes. Shellcode exploit for linx86-64 platform / --------------------------------------------------------------------------------------------------- Linux/x86x64 - execve/bin/sh - 26 bytes Ajith Kp @ajithkp560 http://www.terminalcoders.blogspot.com Om Asato Maa...

Linux/ARM - Connect back to {ip:port} with /bin/sh - 95 bytes

Linux/ARM - Connect back to ip:port with /bin/sh - 95 bytes. Shellcode exploit for arm platform / Title : Linux/ARM - Connect back to ip:port with /bin/sh Length : 95 bytes Date : 2014-06-03 Author : Xeon Tested : ARM1176 rev6 v6l / include include char shellcode =...

Microsoft Windows - NetAPI32.dll Code Execution (Python) (MS08-067)

Microsoft Windows - NetAPI32.dll Code Execution Python MS08-067 import struct import time import sys from threading import Thread Thread is imported incase you would like to modify try: from impacket import smb from impacket import uuid from impacket import dcerpc from impacket.dcerpc.v5 import...

libssh2: man-in-the-middle

There is a bits/bytes confusion bug resulting in generation of a significantly short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits respectively. There ar...

lib32-libssh2: man-in-the-middle

There is a bits/bytes confusion bug resulting in generation of a significantly short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits respectively. There ar...

Mageia: Security Advisory (MGASA-2016-0082)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

libssh: man-in-the-middle

libssh versions 0.1 and above have a bits/bytes confusion bug and generate the an anormaly short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits...

Multiple OpenStack Products Access Bypass Vulnerabilities

OpenStack Identity Keystone is a project developed by the National Aeronautics and Space Administration and Rackspace in the United States for authentication, providing identity, token, directory and policy services. OpenStack keystonemiddleware formerly known as python-keystoneclient is one of t...

py-imaging, py-pillow -- Buffer overflow in PCD decoder

The Pillow maintainers report: In all versions of Pillow, dating back at least to the last PIL 1.1.7 release, PcdDecode.c has a buffer overflow error. The state.buffer for PcdDecode.c is allocated based on a 3 bytes per pixel sizing, where PcdDecode.c wrote into the buffer assuming 4 bytes per...

x86_64 Linux Polymorphic Execve-Stack - 47 bytes

x8664 Linux Polymorphic Execve-Stack - 47 bytes. Shellcode exploit for linx86-64 platform /--------------------------------------------------------------------------------------------------------------------- / Title: x8664 linux Polymorphic execve-stack 47 bytes Author: Sathish kumar Contact:...

Linux x86/x86_64 - reverse_tcp (192.168.1.29:4444) Shellcode (195 bytes)

/ + Author : B3mB4m Contact : email protected Project : https://github.com/b3mb4m/Shellsploit Greetz : Bomberman,T-Rex,KnocKout,ZoRLu If you want test it, you must compile it within x86 OS. Or basically you can get it with shellsploit. Default setthings for port:4444 host:192.168.1.29 00000000 31...

Linux/x86-64 - xor/not/div Encoded execve Shellcode (54 bytes)

/--------------------------------------------------------------------------------------------------------------------- / Title: x8664 linux-Xor/not/div encoded execve shellcode Author: Sathish kumar Contact: https://www.linkedin.com/in/sathish94 Copyright: c 2016 iQube. http://iQube.io Release...

OpenSSH 'resend_bytes' function information disclosure vulnerability

OpenSSH is a set of connection tools maintained by the OpenBSD Project Group for secure access to remote computers. A security vulnerability in the 'resendbytes' function in the 'roamingcommon.c file in OpenSSH's client allows a remote attacker to obtain sensitive information from process memory ...

DEBIAN-CVE-2016-0777

The resendbytes function in roamingcommon.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key...

UBUNTU-CVE-2016-0777

The resendbytes function in roamingcommon.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key...

PT-2016-3290

Name of the Vulnerable Software and Affected Versions OpenSSH versions 5.x through 7.x before 7.1p2 Description The issue is related to the resend bytes function in roaming common.c, which allows remote servers to obtain sensitive information from process memory. This can be achieved by requestin...

Linux/x86-64 - TCP Reverse Shell with Password Prompt Shellcode (151 bytes)

/--------------------------------------------------------------------------------------------------------------------- / Title: tcp reverse shell with password prompt in 151 bytes Author: Sathish kumar Contact: https://www.linkedin.com/in/sathish94 Copyright: c 2016 iQube. http://iQube.io Release...