python code
. Open Maya.
. Add some geometry.
. Go to Window/Animation Editors/Expression Editor.
. Put a name on it, set "Evaluate On" to "Open/Close", insert
python code within quotes like this:
/-----
The vendor did not provide fixes or workaround information.
To determine if a .blend file is suspicious you could parse the
content of the file [3] searching for a SDNA [4] of type ScriptLink
[5] with python code bound to an "onLoad" action.
6. *Credits*
This vulnerability was discovered and researched by Diego Juarez and
Description
===========
The Gentoo Security Team discovered that several ebuilds, such as
sys-apps/portage, net-mail/fetchmail or app-editors/leo execute Python
code using "python -c", which includes the current working directory in
Python's module search path. For several ebuild functions, Portage did
not change the working directory from emerge's working directory.
Impact
======
http://sqlmap.sourceforge.net/#docs
Contribute
==========
I am looking for security geeks who can write some "clean" Python
code, know about web application security, database takeover,
post-exploitation techniques, software refactoring and are motivated
to join the development team. If you are interested, please get back
to me (bernardo.damele@gmail.com). If you have no clue what the tool
is about, are excited about joining the effort, but have never written
a single line of code or you want only to appear in the AUTHORS file,
We can write on the Structured Exception Handler taking control of the
program flow if we set a pointer to our data when the loop writes the
source pointer.
The following Python code demonstrates the bug on the default
installation. Replace the IP address '192.168.22.252' with yours. Port
'3050' is the default one.
/-----------
CVE-2009-0668
The ZEO server doesn't restrict the callables when unpickling data
received from a malicious client which can be used by an attacker to execute
arbitrary python code on the server by sending certain exception pickles. This
also allows an attacker to import any importable module as ZEO is importing the
module containing a callable specified in a pickle to test for a certain flag.
CVE-2009-0669
Description
Sam Johnston (http://samj.net/) of Australian Online Solutions
(http://www.aos.net.au) reported that the vmfeed module, an insecure
implementation of the insecure VMcasting protocol (http://www.vmcasting.org/)
includes a silent update mechanism that downloads and executes Python code
from Enomaly's corporate web server (http://enomaly.com/fileadmin/eggs/)
over HTTP, without authentication or integrity checks. The code is triggered
when the "application/python-egg" MIME type is encountered.
The module also contains functionality for downloading workloads (virtual
service attack when receiving specially crafted compressed data.
CVE-2009-0367
Daniel Franke discovered that the sandbox implementation for the python
AIs can be used to execute arbitrary python code on wesnoth clients. In
order to prevent this issue, the python support has been disabled. A
compatibility patch was included, so that the affected campaign is still
working properly.
Impact
======
Remote attackers could entice a user to open a specially crafted file
in GNU Emacs, possibly leading to the execution of arbitrary Emacs Lisp
code or arbitrary Python code with the privileges of the user running
GNU Emacs or XEmacs.
Workaround
==========
*/
//python ext. installed?
if (!extension_loaded('python')) die("python extension is not installed\n");
//eval python code
$res = python_eval('
import os
pwd = os.getcwd()
print pwd
os.system('cat /etc/passwd')
malicious client to bypass authentication when connecting to a ZEO server
by simply calling this authorization method (CVE-2009-0668).
The ZEO server doesn't restrict the callables when unpickling data received
from a malicious client which can be used by an attacker to execute
arbitrary python code on the server by sending certain exception pickles.
This also allows an attacker to import any importable module as ZEO is
importing the module containing a callable specified in a pickle to test
for a certain flag (CVE-2009-0668).
The update also limits the number of new object ids a client can request
methods, and after the connection, send the same get packet, without
modification and without cryptography. Even with the get packets
passing through the proxy without cryptography and with the Host field
pointing to a filtered site, the proxy will accept.
I think it is a vulnerability!
See my python code.
Thanks
Gabriel Menezes Nunes
A security vulnerability has been identified and fixed in
libsamplerate:
Lev Givon discovered a buffer overflow in libsamplerate that could
lead to a segfault with specially crafted python code. This problem has
been fixed with libsamplerate-0.1.7 but older versions are affected.
This update provides a solution to this vulnerability.
Update:
# Software Link: http://adobe.com/
# Version: Adobe Reader 9.x < 9.3.1
# Tested on: windows xp(sp2 and xp3)
# CVE : CVE-2010-0188
Full python code on the link :
http://bugix-security.blogspot.com/2010/03/adobe-pdf-libtiff-working-exploitcve.html
Exploit works with disabled js, and can be remotely exploitable with adobe browser plugin.
Hi.
Oracle RDBMS CPUapr2009 came out.
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
CVE-2009-0991 Listener vulnerability was discovered by me, and here is
attached PoC for it (Python code).
- --
My PGP public key: http://yurichev.com/dennis.yurichev.asc
*LCD panel displays a halted progress bar
*Switching power off from on/off button takes more than 10 seconds
Proof of Concept:
Python code available at:
http://www.louhinetworks.fi/advisory/xerox/exploit.py
http://www.louhinetworks.fi/advisory/xerox/webInterface.py
Pictures of a crashed control panel (Finnish language):
http://www.louhinetworks.fi/advisory/xerox/error1.jpg
Lack of properly enforcing Visual Basic for Applications (VBA) macro
security settings, which allows remote attackers to run arbitrary
macros via a crafted document (CVE-2010-0136).
User-assisted remote attackers are able to bypass Python macro
security restrictions and execute arbitrary Python code via a crafted
OpenDocument Text (ODT) file that triggers code execution when the
macro directory structure is previewed (CVE-2010-0395).
Impress module does not properly handle integer values associated
with dictionary property items, which allows remote attackers to
* Conferences' material (whitepaper and slides):
http://sqlmap.sourceforge.net/#docs
Contribute
==========
We are looking for people who can write some clean Python code, are up
to do security research, know about web application security, database
assessment and takeover, software refactoring and are motivated to
join the development team.
If this sounds interesting to you, get in touch!