Updated python packages fix CVE-2013-4238 and pip

Updated python packages fix security vulnerability: Ryan Sleevi of the Google Chrome Security Team has discovered that Python's SSL module doesn't handle NULL bytes inside subjectAltNames general names. This could lead to a breach when an application uses ssl.matchhostname to match the hostname...

DEBIAN-CVE-2013-4929

The parseFields function in epan/dissectors/packet-dis-pdus.c in the DIS dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not terminate packet-data processing after finding zero remaining bytes, which allows remote attackers to cause a denial of service loop via a crafted...

UBUNTU-CVE-2013-4929

The parseFields function in epan/dissectors/packet-dis-pdus.c in the DIS dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not terminate packet-data processing after finding zero remaining bytes, which allows remote attackers to cause a denial of service loop via a crafted...

Mandriva Linux Security Advisory : ruby (MDVSA-2013:201)

A vulnerability has been discovered and corrected in ruby : A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers...

Scientific Linux Security Update : ruby on SL5.x, SL6.x i386/srpm/x86_64 (20130717)

A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to...

Linux/x86 - Bind TCP Shell Shellcode (112 bytes)

Linux/x86 - Bind TCP Shell Shellcode 112 bytes. Shellcode exploit for Linuxx86 platform / Title : Obfuscated tcp bind shell 112 bytes Date : 3 July 2013 Author : Russell Willis System : Linux/x86 SMP Debian 3.2.41-2 i686 To build: gcc -fno-stack-protector -z execstack shellcode.c -o shellcode...

Linux/x86 - execve(/bin/sh) + Obfuscated Shellcode (30 bytes)

Linux/x86 - execve/bin/sh + Obfuscated Shellcode 30 bytes. Shellcode exploit for Linuxx86 platform / Title : Obfuscated execve /bin/sh 30 bytes Date : 3rd July 2013 Author : Russell Willis System : Linux/x86 SMP Debian 3.2.41-2 i686 To build: gcc -fno-stack-protector -z execstack -o shellcode...

GLPI v0.83.7 (itemtype) Parameter Traversal Arbitrary File Access Exploit

Summary GLPI, an initialism for Gestionnaire libre de parc informatique Free Management of Computer Equipment, was designed by Indepnet Association a non profit organisation in 2003. GLPI is a free asset and IT management software package, it also offers functionalities like servicedesk ITIL or...

Mod_Security Cross Site Scripting Bypass

Product: Modsecurity Author: Rafay Baloch Status: Fixed Details: The ModSecurity firewall is one of the most known WAF around, It has an online smoke test where we can check if a vector bypassed the regular expressions. Payload: It was though detecting null bytes, but it was generating a false...

Input validation

boost::locale::utf::utftraits in the Boost.Locale library in Boost 1.48 through 1.52 does not properly detect certain invalid UTF-8 sequences, which might allow remote attackers to bypass input validation protection mechanisms via crafted trailing bytes...

Windows7 Sub_Xor MessageBox Exec Shellcode - 265 Bytes

Windows7 SubXor MessageBox Exec Shellcode 265 Bytes + Msg.&.Title / 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS,...

DEBIAN-CVE-2013-2478

The dissectserverinfo function in epan/dissectors/packet-ms-mms.c in the MS-MMS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not properly manage string lengths, which allows remote attackers to cause a denial of service application crash via a malformed packet that 1...

Linux/x86 - Bind TCP (1111/TCP) Shell + SO_REUSEADDR Set (Avoiding SIGSEGV) + Null-Free Shellcode (103 bytes)

Linux/x86 - Bind TCP 1111/TCP Shell + SOREUSEADDR Set Avoiding SIGSEGV + Null-Free Shellcode 103 bytes. Shellcode exploit for Linuxx86 platform / Shell Bind TCP Shellcode - C Language Linux/x86 Written in 2013 by Geyslan G. Bem, Hacking bits http://hackingbits.com [email protected] This source is...

Linux/x86 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (65 bytes)

Linux/x86 - Bind TCP Random TCP Port Shell + Null-Free Shellcode 65 bytes. Shellcode exploit for Linuxx86 platform / Shell Bind TCP Random Port Shellcode - C Language Linux/x86 Written in 2013 by Geyslan G. Bem, Hacking bits http://hackingbits.com [email protected] With the great support from Tia...

Linux/x86 - Bind TCP (1111/TCP) Shell + GetPC/Call/Ret Method + Null-Free Shellcode (89 bytes)

Linux/x86 - Bind TCP 1111/TCP Shell + GetPC/Call/Ret Method + Null-Free Shellcode 89 bytes. Shellcode exploit for Linuxx86 platform / Shell Bind TCP GetPC/Call/Ret Method - C Language Linux/x86 Written in 2013 by Geyslan G. Bem, Hacking bits http://hackingbits.com [email protected] This source is...

Linux/x86 - Bind TCP (Random TCP Port) Shell + Null-Free Shellcode (57 bytes)

Linux/x86 - Bind TCP Random TCP Port Shell + Null-Free Shellcode 57 bytes. Shellcode exploit for Linuxx86 platform / Tiny Shell Bind TCP Random Port Shellcode - C Language Linux/x86 Written in 2013 by Geyslan G. Bem, Hacking bits http://hackingbits.com [email protected] This source is licensed...

Linux/x86 - execve(/bin/sh) + Null-Free Shellcode (21 bytes) (6)

Linux/x86 - execve/bin/sh + Null-Free Shellcode 21 bytes 6. Shellcode exploit for Linuxx86 platform / Tiny Execve sh Shellcode - C Language - Linux/x86 Copyright C 2013 Geyslan G. Bem, Hacking bits http://hackingbits.com [email protected] This program is free software: you can redistribute it...

Linux/x86 - Read /etc/passwd file + Null-Free Shellcode (51 bytes)

Linux/x86 - Read /etc/passwd file + Null-Free Shellcode 51 bytes. Shellcode exploit for Linuxx86 platform / Tiny Read File Shellcode - C Language - Linux/x86 Copyright C 2013 Geyslan G. Bem, Hacking bits http://hackingbits.com [email protected] This program is free software: you can redistribute ...

Linux/x86 - Reverse TCP Shellcode (67 bytes)

Linux/x86 - Reverse TCP Shellcode 67 bytes. Shellcode exploit for Linx86 platform / Tiny Shell Reverse TCP Shellcode - C Language Linux/x86 Written in 2013 by Geyslan G. Bem, Hacking bits http://hackingbits.com [email protected] This source is licensed under the Creative Commons...

linux/x86 execve-chmod 0777 /etc/shadow 58 bytes

Linux/x86 execve-chmod 0777 /etc/shadow 58 bytes Author: Hamza Megahed Twitter: @HamzaMega blog: hamza-megadotblogspotdotcom E-mail: hamzadotmegahedatgmaildotcom xor %eax,%eax push %eax pushl $0x776f6461 pushl $0x68732f2f pushl $0x6374652f movl %esp,%esi push %eax pushl $0x37373730 movl %esp,%ebp...