978 matches found
Wesnoth 1.x - PythonAI Remote Code Execution
source: https://www.securityfocus.com/bid/33971/info Wesnoth is prone to a remote code-execution vulnerability caused by a design error. Attackers can exploit this issue to execute arbitrary Python code in the context of the user running the vulnerable application. Versions prior to Wesnoth 1.5.1...
Portage: Untrusted search path local root vulnerability
Background Portage is Gentoo's package manager which is responsible for installing, compiling and updating all packages on the system through the Gentoo rsync tree. Description The Gentoo Security Team discovered that several ebuilds, such as sys-apps/portage, net-mail/fetchmail or app-editors/le...
[ GLSA 200810-02 ] Portage: Untrusted search path local root vulnerability
Gentoo Linux Security Advisory GLSA 200810-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...
RedDot CMS 7.5 - 'LngId' SQL Injection
!/usr/bin/env python un-comment your selection. import urllib2 import urllib import string import getopt import sys def banner: print print "RED DOT CMS 7.5 database enumeration" print "by Mark Crowther and Rodrigo Marcos" def usage: print print "usage:" print "python RDPOC.py options URL" print...
PacketTrap Networks pt360 2.0.39 TFTPD Remote DoS Exploit
No description provided by source. !/usr/bin/python PacketTrap Networks pt360 2.0.39 TFTPD Remote DOS Coded by Mati Aharoni muts..at..offensive-security.com http://www.offensive-security.com/0day/pt360dos.py.txt import socket import sys host = '172.16.167.134' port = 69 try:...
PacketTrap Networks pt360 2.0.39 TFTPD Remote DoS Exploit
No description provided by source. !/usr/bin/python PacketTrap Networks pt360 2.0.39 TFTPD Remote DOS Coded by Mati Aharoni muts..at..offensive-security.com http://www.offensive-security.com/0day/pt360dos.py.txt import socket import sys host = '172.16.167.134' port = 69 try: s =...
Code injection
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the 1 statusmessages or 2 linkintegrity module, which the module unpickles and executes...
CVE-2007-5741
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the 1 statusmessages or 2 linkintegrity module, which the module unpickles and executes...
CVE-2007-5741
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the 1 statusmessages or 2 linkintegrity module, which the module unpickles and executes...
[CVE-2007-5741] Plone: statusmessages and linkintegrity unsafe network data hotfix
A vulnerability in both the statusmessages and linkintegrity modules has been identified, where untrusted network data was treated as a pickle and loaded. This allows an attacker to run arbitrary python code within the Zope/Plone process. This issue has been assigned CVE-2007-5741 Affected versio...
Surgemail 38k - 'Search' Remote Buffer Overflow
!/usr/bin/python import os import sys import time import socket import struct this is imap exploit 710 bytes, tcp port 9999 bind, borrowed from skape miller inventor of megacanvas sc = "\x90" sc += "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\xeb\x03\x59" sc +=...
GLSA-200704-19 : Blender: User-assisted remote execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-200704-19 Blender: User-assisted remote execution of arbitrary code Stefan Cornelius of Secunia Research discovered an insecure use of the 'eval' function in kmzImportWithMesh.py. Impact : A remote attacker could entice a user to...
Design/Logic Flaw
Eval injection vulnerability in the a kmzImportWithMesh.py Script for Blender 0.1.9h, as used in b Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted 1 KML or 2 KMZ file...
CVE-2007-1253
Eval injection vulnerability in the a kmzImportWithMesh.py Script for Blender 0.1.9h, as used in b Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted 1 KML or 2 KMZ file...
CVE-2007-1253
Eval injection vulnerability in the a kmzImportWithMesh.py Script for Blender 0.1.9h, as used in b Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted 1 KML or 2 KMZ file...
CVE-2007-1253
Eval injection vulnerability in the a kmzImportWithMesh.py Script for Blender 0.1.9h, as used in b Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted 1 KML or 2 KMZ file...
DEBIAN-CVE-2007-1253
Eval injection vulnerability in the a kmzImportWithMesh.py Script for Blender 0.1.9h, as used in b Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted 1 KML or 2 KMZ file...
CVE-2007-1253
Eval injection vulnerability in the a kmzImportWithMesh.py Script for Blender 0.1.9h, as used in b Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted 1 KML or 2 KMZ file...
CVE-2007-1253
CVE-2007-1253 affects Blender up to version 2.43, via the kmz_ImportWithMesh.py script. An insecure use of eval() in kmz_ImportWithMesh.py allows a remote attacker to entice a user to open a crafted .kmz or .kml file, resulting in arbitrary Python code execution with the user’s privileges. The vu...
snort-py.txt
!/usr/bin/python Snort DCE/RPC Preprocessor Buffer Overflow DoS Author: Trirat Puttaraksa http://sf-freedom.blogspot.com For educational purpose only This exploit just crash Snort 2.6.1 on Fedora Core 4. However, Code Execution may be possible, but I have no time to make it : I will post the...