116 matches found
CVE-2013-4245
Removed by vendor...
Pyattck - A Python Module To Interact With The Mitre ATT&CK Framework
A Python Module to interact with the Mitre ATT&CK Framework. pyattck has the following notable features in it's current release: Retrieve all Tactics, Techniques, Actors, Malware, Tools, and Mitigations All techniques have suggested mitigations as a property For each class you can access addition...
Exrex - Irregular Methods On Regular Expressions
Exrex is a command line tool and python module that generates all - or random - matching strings to a given regular expression and more. It's pure python, without external dependencies. There are regular expressions with infinite matching strings eg.: a-z+, in these cases exrex limits the maximum...
NASA Singledop Library Code Execution Vulnerability
NASA Singledop is a software module written in Python for retrieving low-level 2D wind fields from actual or simulated Doppler radar data.NASA Singledop library Weather data is one of the libraries. The NASA Singledop library in NASA Singledop version 1.0 suffers from a security vulnerability. A...
Reposcanner - Python Script To Scan Git Repos For Interesting Strings
Reposcanner is a python script to search through the commit history of Git repositories looking for interesting strings such as API keys, inspires by truffleHog. Installation The python Git module is required python-git on Debian. Usage ./reposcanner -r Options: optional arguments: -h, --help sho...
CVE-2014-4616
Array index error in the scanstring function in the json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the rawdecode function...
sharkPy - NSA Tool to Dissect, Analyze, and Interact with Network Packet Data using Wireshark and libpcap capabilities
A python module to dissect, analyze, and interact with network packet data as native Python objects using Wireshark and libpcap capabilities. sharkPy dissect modules extend and otherwise modify Wireshark's tshark. SharkPy packet injection and pcap file writing modules wrap useful libpcap...
CTF Framework and Exploit Development Library: pwntools
pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible. Whether you’re using it to write exploits, or as part of another software project will dictate how you...
FLARE Script Series: Querying Dynamic State using the FireEye Labs Query-Oriented Debugger (flare-qdb)
Introduction This post continues the FireEye Labs Advanced Reverse Engineering FLARE script series. Here, we introduce flare-qdb, a command-line utility and Python module based on vivisect for querying and altering dynamic binary state conveniently, iteratively, and at scale. flare-qdb works on...
Centralized IPTables Firewall Control Script: CFC
Centralized IPTables Firewall Control Script Centralized firewall control provides a centralized way to manage the firewall on multiple servers or loadbalancers running iptables. This way you can quickly allow/block/del/search abuse ranges etc. with one command on several servers. It accesses tho...
Dynamic Network Analysis Tool: FakeNet-NG
Dynamic Network Analysis Tool FakeNet-NG is a next generation dynamic network analysis tool for malware analysts and penetration testers. It is open source and designed for the latest versions of Windows. FakeNet-NG is based on the excellent Fakenet tool developed by Andrew Honig and Michael...
Blind-Sql-Bitshifting - Blind SQL Injection via Bitshifting
This is a module that performs blind SQL injection by using the bitshifting method to calculate characters instead of guessing them. It requires 7/8 requests per character, depending on the configuration. Usage import blind-sql-bitshifting as x Edit this dictionary to configure attack vectors...
FortiOS Fortimanager_Access SSH account backdoor
Added: 01/25/2016 CVE: CVE-2016-1909 Background FortiOS is the operating system used by FortiGate network security appliances. Problem An undocumented account can be used to gain unauthorized access to the appliance. Resolution Upgrade to FortiOS 4.1.11, 4.2.16, 4.3.17, 5.0.8, 5.2.0, 5.4.0, or...
FortiOS Fortimanager_Access SSH account backdoor
Added: 01/25/2016 CVE: CVE-2016-1909 Background FortiOS is the operating system used by FortiGate network security appliances. Problem An undocumented account can be used to gain unauthorized access to the appliance. Resolution Upgrade to FortiOS 4.1.11, 4.2.16, 4.3.17, 5.0.8, 5.2.0, 5.4.0, or...
Code injection
OpenStack Swift-on-File aka Swiftonfile does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a crafted extended attribute xattrs...
Multiple memory corruption vulnerabilities in Python 'Modules\audioop.c'
Python is an open source, object-oriented programming language. Multiple memory corruption vulnerabilities in Python 'Modules\audioop.c' allow remote attackers to exploit the vulnerability by submitting a special request to disclose arbitrary memory...
USN-2782-1: Apport vulnerability
Gabriel Campana discovered that Apport incorrectly handled Python module imports. A local attacker could use this issue to elevate privileges...
CVE-2015-1341
Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function pythonmodulepath...
OracleVM 3.3 : net-snmp (OVMSA-2015-0099)
The remote OracleVM system is missing necessary patches to address critical security updates : - Add Oracle ACFS to hrStorage John Haxby orabug 18510373 - Quicker loading of IP-MIB::ipAddrTable 1191393 - Quicker loading of IP-MIB::ipAddressTable 1191393 - Fixed snmptrapd crash when '-OQ' paramete...
Gnupg2 Information Disclosure Vulnerability
GnuPG is a Python module that allows, from a Python program, to conveniently use the key management, encryption and signing features of GnuPG. GnuPG memcpy uses overlapping scopes, allowing attackers to exploit vulnerabilities to obtain sensitive information...