[SECURITY] Fedora 20 Update: denyhosts-2.6-29.fc20.1

DenyHosts is a Python script that analyzes the sshd server log messages to determine which hosts are attempting to hack into your system. It also determines what user accounts are being targeted. It keeps track of the frequency of attempts from each host and, upon discovering a repeated attack...

Windows-Light-HTTPD-0.1

Buffer overflow in Light HTTPd lhttpd 0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request. import urllib2 from time import sleep def targURL: while True: URL = rawinput"\n Please enter the URL of the Light HTTP server you would like to PWN. Ex. http://192.168.1.1\n\n...

Windows OLE - Remote Code Execution "Sandworm" Exploit (MS14-060)

No description provided by source. !/usr/bin/python Windows OLE RCE Exploit MS14-060 CVE-2014-4114 – Sandworm Author: Mike Czumak Tv3rn1x - @SecuritySift Written: 10/21/2014 Tested Platforms: Windows 7 SP1 w/ exploit script run on Kali Linux You are free to reuse this code in part or in whole wit...

Use the phpinfo information LFI temporary file[POC]-vulnerability warning-the black bar safety net

Remember before foreign cattle raised by LFI contain temporary files? Did feel a little tasteless, because the temporary file path and name is unknown, although the temporary file name can use a similar? Other wildcards let's call it a wildcard match, while the N individual together with requests...

SEC Consult SA-20140710-1 :: Multiple high risk vulnerabilities in Shopizer webshop

SEC Consult Vulnerability Lab Security Advisory 20140710-1 ======================================================================= title: Multiple high risk vulnerabilities in Shopizer webshop product: Shopizer vulnerable version: 1.1.5 and below fixed version: v2 new codebase impact: high...

AutoWeb 3.0 SQL Injection

!/usr/bin/env python -- coding:utf-8 -- Title : AutoWeb v3.0 noticias.php idcat SQL Injection Exploit Author : ZoRLu / [email protected] / [email protected] Home : http://milw00rm.com / its online Download : http://www.multdivision.com.br Demo : http://www.cbnmogi.com.br Other Vuln. :...

CVE-2012-5499

pythonscripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service memory consumption via a large value, related to formatColumns...

Onlineon E-Ticaret Database Disclosure Exploit

No description provided by source. !/usr/bin/env python -- coding:cp1254 -- Title : Onlineon E-Ticaret Database Disclosure Exploit .py dork : inurl:"default.asp?git=sepet" Author : ZoRLu / [email protected] / [email protected] Home : http://milw00rm.com / its online Download :...

Onlineon E-Ticaret Database Disclosure Exploit

Exploit for asp platform in category web applications !/usr/bin/env python -- coding:cp1254 -- Title : Onlineon E-Ticaret Database Disclosure Exploit .py dork : inurl:"default.asp?git=sepet" Author : ZoRLu Download : http://www.onlineonweb.com/eticaret.html Demo : http://ayvalikkokluzeytincilik.c...

ZTE ZXDSL-931VII - Configuration Dump

Exploit Title: ZTE ZXDSL-931VII Unauthenticated Configuration Dump Google Dork: use your imagination Date: 09-12-2014 Exploit Author: L0ukanik0sGR Vendor Homepage: www.zte.com.cn Software Link:...

ntopng 1.2.0 - XSS Vulnerability

ntopng version 1.2.0 suffers from a cross site scripting vulnerability using monitored network traffic. ntopng 1.2.0 XSS injection using monitored network traffic ntopng is the next generation version of the original ntop, a network traffic probe and monitor that shows the network usage, similar ...

Osueta - A simple Python script to exploit the OpenSSH User Enumeration Timing Attack

Osueta it's a simple Python2 script to exploit the OpenSSH User Enumeration Timing Attack, present in OpenSSH versions 5. and 6.. The script has the ability to make variations of the username employed in the bruteforce attack, and the possibility to establish a DOS condition in the OpenSSH server...

NTP Amplification Denial Of Service Tool

!/usr/bin/env python from scapy.all import import sys import threading import time NTP Amp DOS attack by DaRkReD usage ntpdos.py ex: ntpdos.py 1.2.3.4 file.txt 10 packet sender def deny: Import globals to function global ntplist global currentserver global data global target ntpserver =...

HP Data Protector Manager 8.10 - Remote Command Execution

HP Data Protector Manager 8.10 - Remote Command Execution !/usr/bin/python Exploit Title: HP-Data-Protector-8.10 Remote command execution. Date: July 11 2014 Exploit Author: Christian Polunchis Ramirez https://intrusionlabs.org Exploit Author: Henoch Chanoc Barrera https://intrusionlabs.org...

Elasticsearch remote execution vulnerability affects a large number of domestic server in the cluster-vulnerability warning-the black bar safety net

From Satan online searching key words:“You Know,for search country:CN port:9 2 0 0” Transfer door: http://www.shodanhq.com/search?q=You+Know%2Cfor+search+country%3ACN+port%3A9200 Well, a big wave to open the Elasticsearch service of the server appears: ! So in this one how many you can use? Wrote...

Open and Compact FTPd Pre-Authentication Crash (PoC)

No description provided by source. Title: Open & Compact FTPd Pre-Authentication Crash PoC Found by: loneferret Hat's off to dookie2000ca Date Found: 07/02/2010 Software link: https://sourceforge.net/projects/open-ftpd/ Tested on: Windows XP SP2/SP3 Professional Nod to the Exploit-DB Team It's...

Xion Player 1.0.125 Stack Buffer Overflow Exploit

No description provided by source. !/usr/bin/python Title: Xion 1.0.125 Stack Buffer Overflow Date: August 13, 2010 Author: corelanc0d3r and dijital1 Grtz to dijital1 : I had a lot of fun working with you on this one ! : Grtz to dookie2000ca : Original Advisory:...

GOM Media Player (GOMMP) 2.2.56.5183 - Memory Corruption PoC

No description provided by source. !/usr/bin/python + Author: TUNISIAN CYBER + Exploit Title: GOMMP 2.2.56.5183 Memory Corruption PoC + Date: 22-03-2014 + Category: DoS/PoC + Tested on: WinXp/Windows 7 Pro + Vendor: http://player.gomlab.com/eng/ + Friendly Sites: na3il.com,th3-creative.com +...

mcrypt <= 2.6.8 stack-based buffer overflow PoC

No description provided by source. !/usr/bin/env python mcrypt = 2.6.8 stack-based buffer overflow poc http://mcrypt.sourceforge.net/ the command line tool, not the library date: 2012-09-04 exploit author: ishikawa tested on: ubuntu 12.04.1 tech: it overflows in checkfilehead when decrypting .nc...

OneOrZero Helpdesk 1.4 Install.PHP Administrative Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7611/info OneOrZero Helpdesk has been reported prone to an issue that may result in an attacker obtaining unauthorized administrative access. The issue presents itself due to a programming error in a Helpdesk script...