setroubleshoot and setroubleshoot-plugins security update

setroubleshoot 3.2.24-4.0.1 - Add setroubleshoot-oracle-enterprise.patch to change bug reporting URL to linux.oracle.com 3.2.24-4 - Catch all subprocess module exceptions 3.2.24-3 - Use subprocess.checkoutput with a sequence of program arguments 3.2.24-2 - Do not use dangerous shell=True...

TCPDump 4.5.1 Crash Proof Of Concept

Exploit Title: tcpdump 4.5.1 Access Violation Crash Date: 31st May 2016 Exploit Author: David Silveiro Vendor Homepage: http://www.tcpdump.org Software Link: http://www.tcpdump.org/release/tcpdump-4.5.1.tar.gz Version: 4.5.1 Tested on: Ubuntu 14 LTS from subprocess import call from shlex import...

TRN Threaded USENET News Reader 3.6-23 - Local Stack Overflow

TRN Threaded USENET News Reader 3.6-23 - Local Stack Overflow Exploit developed using Exploit Pack v5.4 Exploit Author: Juan Sacco - http://www.exploitpack.com - [email protected] Program affected: Threaded USENET news reader Version: 3.6-23 Tested and developed under: Kali Linux 2.0 x86 -...

TRN Threaded USENET News Reader 3.6-23 - Local Stack Based Overflow

Exploit for linux platform in category local exploits Exploit developed using Exploit Pack v5.4 Exploit Author: Juan Sacco - http://www.exploitpack.com - email protected Program affected: Threaded USENET news reader Version: 3.6-23 Tested and developed under: Kali Linux 2.0 x86 -...

Scientific Linux Security Update : python on 7.x i686/x86_64 (2015:2101)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2015:2101-1 advisory. - The gzipdecode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service memory...

python security, bug fix, and enhancement update

2.7.5-34.0.1 - Add Oracle Linux distribution in platform.py orabug 20812544 2.7.5-34 - Revert fix for rhbz1117751 as it leads to regressions Resolves: rhbz1117751 2.7.5-33 - Only restore SIGPIPE when Popen called with restoresigpipe Resolves: rhbz1117751 2.7.5-32 - Backport SSLSocket.version...

Microsoft HTML Help Compiler 4.74.8702.0 - Local Overflow (SEH)

Microsoft HTML Help Compiler 4.74.8702.0 - Local Overflow SEH !/usr/bin/env python Exploit Title: Microsoft HTML Help Compiler SEH Based Overflow Date: 2015-08-13 Exploit Author: St0rn Twitter: st0rnpentest Vendor Homepage: www.microsoft.com Software Link:...

Exploit-Tutorial-1

This is a module that will help you learn the basics of exploit development, the focus on this one is a stack-buffer type of overflow and the platform used is GNU/Linux. Basic Buffer Overflow for Linux - Part of the Exploit Pack Tutorials The following exploit code has been written in Python and...

F5-BIG-IP-Remote-Root

Title: F5 BIG-IP Remote Root Authentication Bypass Vulnerability py Quick script written by Dave Kennedy ReL1K for F5 authentication root bypass http://www.secmaniac.com import subprocess,os filewrite = file"priv.key", "w" filewrite.write"""-----BEGIN RSA PRIVATE KEY-----...

HTML-Help-Workshop-1.4

Date: 31/08/2014 Author: mr.pr0n @pr0n Homepage: http://ghostinthelab.wordpress.com/ Software Link: http://msdn.microsoft.com/en-us/library/windows/desktop/ms669985%28v=vs.85%29.aspx Version: 1.4 Tested on: Windows XP SP3 / Windows 7 Pro import subprocess junk = "A" 832 Junk bytes nseh =...

Common Desktop Environment <= 2.1 20,Solaris <= 7.0 dtspcd Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/636/info This explanation is quoted from the initial post on this problem by Job De Hass. This message is available in its entirety in the 'Credit' section of this vulnerability entry. The CDE subprocess daemon...

Command Shell, Reverse TCP (via python)

Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.4-2.7 and 3.4+. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = :dynamic include...

FreeBSD-SA-14:11.sendmail

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:11.sendmail Security Advisory The FreeBSD Project Topic: sendmail improper close-on-exec flag handling Category: contrib Module: sendmail Announced:...

FreeBSD -- sendmail improper close-on-exec flag handling

Problem Description: There is a programming error in sendmail8 that prevented open file descriptors have close-on-exec properly set. Consequently a subprocess will be able to access all open files that the parent process have open. Impact: A local user who can execute their own program for mail...

OSX <= 10.8.4 - Local Root Priv Escalation (py)

Exploit for iOS platform in category local exploits !/usr/bin/python Original MSF Module: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/osx/local/sudopasswordbypass.rb Exploit Title: OSX & /dev/tcp/%s/%s...

BigAnt Server 2.97 - DDNF &#039;Username&#039; Remote Buffer Overflow

!/usr/bin/python Title: BigAnt Server 2.97 DDNF Username Buffer Overflow Author: Craig Freyman @cd1zz http://pwnag3.com Tested on: Windows 7 64 bit DEP/ASLR Bypass Similar Exploits: http://www.exploit-db.com/exploits/24528/ http://www.exploit-db.com/exploits/24527/...

NRPE metacharacter filtering omission (important)

NRPE the Nagios Remote Plug-In Executor allows the passing of $ to plugins/scripts which, if run under bash, will execute that shell command under a subprocess and pass the output as a parameter to the called script. Using this, it is possible to get called scripts, such as checkhttp, to execute...

Nagios NRPE 2.13 Code Execution

Summary: --------------- CVE-ID: CVE-2013-1362 CVSS: Base Score 7.5 CVSS2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:UC/CDP:N/TD:N/CR:L/IR:L/AR:L Vendor: Nagios Affected Products: NRPE Affected Platforms: All Affected versions: '"\;" This allows the passing of $ to plugins/scripts which, if...

Scientific Linux Security Update : python on SL5.x i386/x86_64

It was found that many applications embedding the Python interpreter did not specify a valid full path to the script or application when calling the PySysSetArgv API function, which could result in the addition of the current working directory to the module search path sys.path. A local attacker...

Unix Command Shell, Reverse TCP (via Python)

Connect back and create a command shell via Python This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = :dynamic include Msf::Payload::Single include Msf::Payload::Python include...