978 matches found
CVE-2012-0861
The vdsinstaller in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vdsbootstrap.py, which prevents SSL certificates from being validated and allows remote attackers to execute arbitrary Python code via...
rhev: vds_installer is prone to MITM when downloading 2nd stage installer
The vdsinstaller in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vdsbootstrap.py, which prevents SSL certificates from being validated and allows remote attackers to execute arbitrary Python code via...
ptunnel 0.72 - Remote Denial of Service
ptunnel 0.72 - Remote Denial of Service !/usr/bin/env python =============================================================================== Exploit Title: ptunnel ' % sys.argv0 target remotehost = sys.argv1 ptunnel.h typedef struct uint32t magic, // magic number, used to identify ptunnel packets...
Splunk Search Remote Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Splunk Search...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in ah/admin/interactive/execute (aka the Interactive Console) in the SDK Console (aka Admin Console) in the Google App Engine Python SDK before 1.5.4 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrar...
CVE-2011-1364
Cross-site request forgery (CSRF) vulnerability in ah/admin/interactive/execute (aka the Interactive Console) in the SDK Console (aka Admin Console) in the Google App Engine Python SDK before 1.5.4 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrar...
SLP (Service Location Protocol) Denial Of Service
!/usr/bin/python ''' ================================== Pseudo documentation ================================== ''' SLPick, extension DoS release by Nicolas Gregoire ''' ================================== Imports ================================== ''' import getopt import re import sys import...
Fedora 14 : blender-2.49b-14.fc14 (2011-8474)
Fix CVE-2009-3850. This issue allows the execution of embedded python code in .blend files. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...
(cobbler): Code injection flaw (ACE as root) by processing of a specially-crafted kickstart template file
templateapi.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a...
IBM Lotus Domino iCalendar - Email Address Stack Buffer Overflow
source: http://labs.mwrinfosecurity.com/advisories/lotusdominoicalstackbufferoverflow/ IBM Lotus Domino iCalendar Email Address Stack Buffer Overflow Vulnerability Package Name: Lotus Domino Server Date Reported: 2010-01-09 Affected Versions: Versions 8.0 and 8.5 on AIX, AIX 64bit, Linux, Linux...
Web Application Security Scanner: w3af
w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. Identify and exploit a SQL injection. One of the most difficult parts of securing your application is to identify the...
SQL injection in OSCommerce Add-On Visitor Web Stats
Popular OSC add-on Visitor Web Stats is completely vulnerable to SQL injections. Although it uses request data, i.e. the Accept-Language header, there's no escaping at all. This also applies to the extension's derivative for OSC 3, whose author completely inherited the insufficient code structure...
BaoFeng Storm - '.m3u' File Processing Buffer Overflow
!/usr/bin/env python Title: BaoFeng Storm M3U File Processing Buffer Overflow Exploit CNVD-ID: CNVD-2010-00752 Author: Lufeng Li and Qingshan Li of Neusoft Corporation Download: www.baofeng.com Test: Put m3u file in root e.g. c:/ d:/, and open this m3u file Platform: Windows XPSP3 Chinese Simplifie...
NIBE heat pump - Local File Inclusion
NIBE heat pump - Local File Inclusion !/usr/bin/python import socket,sys,os,base64 NIBE heat pump LFI exploit Written by Jelmer de Hen Published at http://h.ackack.net/?p=302 Special thanks to Fredrik Nordberg Almroth and Mathias Karlsson for obtaining this information http://h.ackack.net/?p=274...
vBulletin (Cyb - Advanced Forum Statistics) - 'misc.php' Denial of Service
Exploit Title: vBulletin "Cyb - Advanced Forum Statistics" DOS Date: 10-4-2010 Author: Andhra Hackers Software Link: Version: Web Application Tested on: Apache/Unix CVE : if exists Code : PHP crashes existed from a long time back and there were several issues which were a reason for that. 1PHP pa...
TopDownloads MP3 Player 1.0 - .m3u Crash
TopDownloads MP3 Player 1.0 - .m3u Crash !/usr/bin/env python MP3 player 1.0 Local Crash Author: l3D Software Link: http://files.brothersoft.com/mp3audio/players/td-mp3.exe Site: http://xraysecurity.blogspot.com IRC: irc://irc.nix.co.il Email: [email protected] bad=open'crash.mp3', 'w'...
Easy FTP Server 1.7.0.2 Buffer Overflow
Exploit Title: Easy FTP Server 1.7.0.2 Remote BoF Date: 20/02/2010 Author: athleet Software Link: http://cdnetworks-us-2.dl.sourceforge.net/project/easyftpsvr/easyftpsvr/1.7.0.2-en/easyftpsvr-1.7.0.2.zip Version: 1.7.0.2 Tested on: XP SP3 Eng CVE : None Code : Below !/usr/bin/python import socket...
Mandriva Security Advisory MDVSA-2009:232-1 (libsamplerate)
The remote host is missing an update to libsamplerate announced via advisory MDVSA-2009:232-1. OpenVAS Vulnerability Test $Id: mdksa20092321.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:232-1 libsamplerate Authors: Thomas Reinke Copyright: Copyrig...
Mandriva Security Advisory MDVSA-2009:232-1 (libsamplerate)
The remote host is missing an update to libsamplerate announced via advisory MDVSA-2009:232-1. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only O...
Blender 2.49b - .blend Remote Command Execution
Blender 2.49b - .blend Remote Command Execution An attacker can exploit this issue by enticing an unsuspecting victim to open a specially crafted '.blend' file. The following proof of concept demonstrates this issue: . Open the "Text Editor" Panel. . Right click on the canvas and select "New"...