what you don't know can hurt you
Showing 1 - 25 of 100 RSS Feed

Files

YingZhi Python 1.9 Arbitrary Traversal / Write
Posted Sep 26, 2012
Authored by Larry W. Cashdollar

YingZhi Python version 1.9 application for iOS allows for arbitrary file uploads to the root WWW directory and also has a ftp server directory traversal vulnerability that forces no authentication.

tags | exploit, arbitrary, root, python, file inclusion, file upload
systems | apple
SHA-256 | dd481a7d02e448e69e88b80af5a9bce38fe30a0e912040a9b5f2d81914099c34

Related Files

GIMP 2.6 Script-Fu Command Execution
Posted Aug 17, 2012
Site reactionpenetrationtesting.co.uk

There is an arbitrary command execution vulnerability in the scriptfu network server console in the GIMP 2.6 branch. It is possible to use a python scriptfu command to run arbitrary operating-system commands and potentially take full control of the host.

tags | advisory, arbitrary, python
advisories | CVE-2012-4245
SHA-256 | 6bb8abc35df548c551fcf9ff102ee8db444b1e273993fe8a725e91885c36da04
Debian Security Advisory 2529-1
Posted Aug 15, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2529-1 - Jeroen Dekkers and others reported several vulnerabilities in Django, a Python Web framework.

tags | advisory, web, vulnerability, python
systems | linux, debian
advisories | CVE-2012-3442, CVE-2012-3443, CVE-2012-3444
SHA-256 | e72295d670e7e8b3f6c6c48e0ae95f800f20359a421a53e4c43f767c101a0216
Secunia Security Advisory 50226
Posted Aug 15, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in Python Beaker Library, which can be exploited by malicious people to disclose certain sensitive information.

tags | advisory, python
SHA-256 | 8942656c4b72e5afdc7ca995f066565983408fbb924a1a1b930c18cad48472dc
Secunia Security Advisory 50257
Posted Aug 15, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for python-django. This fixes two security issues and a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).

tags | advisory, denial of service, xss, python
systems | linux, debian
SHA-256 | fb3927d6bec81d24005c29a06dbc212f764f4d161f9c53d4a1dd8b08da17db26
Secunia Security Advisory 50167
Posted Aug 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for python-django. This fixes two security issues and a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).

tags | advisory, denial of service, xss, python
systems | linux, suse
SHA-256 | f9efc7c401f1d4cbc75e1493da5ca92571feb8f58b4b4b9b6dbdf2564b5f715b
Termineter 0.1.0
Posted Jul 24, 2012
Authored by Spencer McIntyre | Site code.google.com

Termineter is a framework written in python to provide a platform for the security testing of smart meters. It implements the C12.18 and C12.19 protocols for communication. Currently supported are Meters using C12.19 with 7-bit character sets. Termineter communicates with Smart Meters via a connection using an ANSI type-2 optical probe with a serial interface.

tags | tool, protocol, python
systems | unix
SHA-256 | 8c72b50832476f3e05267e7d4f72848ea822e3c27a9f383258782999f96bcc12
Secunia Security Advisory 49914
Posted Jul 17, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for libxslt and libxslt-python. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) of an application using the library.

tags | advisory, denial of service, python
systems | linux, suse
SHA-256 | 1cd3cc628c050c7ba4b71fcca7a23ed1f9c15cbf02b657cb22940760d27712e3
Python Untrusted Search Path / Code Execution
Posted Jul 9, 2012
Authored by rogueclown

Python versions 2.7.2 and 3.2.1 suffer from an untrusted search path / code execution vulnerability.

tags | exploit, code execution, python
SHA-256 | 98e93731fcf6d0dd24fe05de218155cf894de44ce86ced09013024c3b4ecb0ac
Secunia Security Advisory 49768
Posted Jul 5, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for python-crypto. This fixes a weakness, which can be exploited by malicious people to conduct brute force attacks.

tags | advisory, crypto, python
systems | linux, suse
SHA-256 | f4130749b8c631dae273b117f941bcbfab35aa62db0ea73f8d609cff0374a530
Python-wrapper Untrusted Search Path / Code Execution
Posted Jul 2, 2012
Authored by ShadowHatesYou

Python-wrapper executes any test.py script within the current working directory, when supplied with help('modules'). A non-privileged user may gain code execution by tricking root to help('modules') or help() and then modules from within python-wrapper while within a non-privileged user's work directory.

tags | exploit, root, code execution, python
SHA-256 | d58933fe94dc7d2c9f7f05b9dd9d6736fd4a43d5f37eee91e3e776a573bb8c24
Mandriva Linux Security Advisory 2012-096-1
Posted Jul 2, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-096 - Multiple vulnerabilities has been discovered and corrected in python. The _ssl module would always disable the CBC IV attack countermeasure. A flaw was found in the way the Python SimpleHTTPServer module generated directory listings. An attacker able to upload a file with a specially-crafted name to a server could possibly perform a cross-site scripting attack against victims visiting a listing page generated by SimpleHTTPServer, for a directory containing the crafted file. A race condition was found in the way the Python distutils module set file permissions during the creation of the.pypirc file. Various other issues were also addressed.

tags | advisory, vulnerability, xss, python
systems | linux, mandriva
advisories | CVE-2011-3389, CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, CVE-2012-0876, CVE-2012-1150
SHA-256 | 6519f45b66e8e91380ebd2fe36730ada9b3c9fe8a02948e6fcc43d7e69bb6a64
Secunia Security Advisory 49760
Posted Jun 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for python-crypto. This fixes a weakness, which can be exploited by malicious people to conduct brute force attacks.

tags | advisory, crypto, python
systems | linux, ubuntu
SHA-256 | bc029fce5673bf2054a75e646770f76352b50f52789172738c802ace6abce190
Secunia Security Advisory 49559
Posted Jun 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for python-crypto. This fixes a weakness, which can be exploited by malicious people to conduct brute force attacks.

tags | advisory, crypto, python
systems | linux, debian
SHA-256 | 1da34bccbc972e9e82edbd3e546f7e6ed908bd526a4ef4849070525b4e3c5e6a
Debian Security Advisory 2502-1
Posted Jun 24, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2502-1 - It was discovered that that the ElGamal code in PythonCrypto, a collection of cryptographic algorithms and protocols for Python used insecure insufficient prime numbers in key generation, which lead to a weakened signature or public key space, allowing easier brute force attacks on such keys.

tags | advisory, protocol, python
systems | linux, debian
advisories | CVE-2012-2417
SHA-256 | 6d4508421551948092f3a47c494a7261e2fff7ccbfc0297c1626d54727c95efa
Mandriva Linux Security Advisory 2012-097
Posted Jun 21, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-097 - Multiple vulnerabilities has been discovered and corrected in python. A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. A flaw was found in the way the Python SimpleXMLRPCServer module handled clients disconnecting prematurely. Various other issues have also been addressed. The updated packages have been patched to correct these issues.

tags | advisory, vulnerability, python
systems | linux, mandriva
advisories | CVE-2011-3389, CVE-2011-4944, CVE-2012-0845, CVE-2012-0876, CVE-2012-1150
SHA-256 | ea9f72137a552f0a45271fbb9a2d3f3aee9113cb46971ef47821e194f3b4801e
Mandriva Linux Security Advisory 2012-096
Posted Jun 21, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-096 - Multiple vulnerabilities has been discovered and corrected in python. A flaw was found in the way the Python SimpleHTTPServer module generated directory listings. A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. Various other issues have also been addressed. The updated packages have been patched to correct these issues.

tags | advisory, vulnerability, python
systems | linux, mandriva
advisories | CVE-2011-3389, CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, CVE-2012-0876, CVE-2012-1150
SHA-256 | a875f61d4323d9bd3fdd15f37616b7c52da1e10355b2f976bd21d77e7714133c
Secunia Security Advisory 49622
Posted Jun 19, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for python. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to potentially disclose sensitive information and by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).

tags | advisory, denial of service, local, vulnerability, xss, python
systems | linux, redhat
SHA-256 | f32b2e4ab45b9bc474f4e87319db5a2c157eb745cdea23d1819061f1f60d0173
Secunia Security Advisory 49525
Posted Jun 19, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for python. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to potentially disclose sensitive information and by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).

tags | advisory, denial of service, local, vulnerability, xss, python
systems | linux, redhat
SHA-256 | 5c45a8d22f4ec7f60a313ddff030e437caebd621405ef1f689371c14bbc15fe1
Red Hat Security Advisory 2012-0745-01
Posted Jun 18, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0745-01 - Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays in Python. An attacker able to supply a large number of inputs to a Python application that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions.

tags | advisory, denial of service, python
systems | linux, redhat
advisories | CVE-2011-4940, CVE-2011-4944, CVE-2012-1150
SHA-256 | 9b589376b7c9062ad24b4f8af937559408735d4b1c8f000fdf908cd9cd6cd8c1
Red Hat Security Advisory 2012-0744-01
Posted Jun 18, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0744-01 - Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays in Python. An attacker able to supply a large number of inputs to a Python application that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions.

tags | advisory, denial of service, python
systems | linux, redhat
advisories | CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, CVE-2012-1150
SHA-256 | 0195e7d2a58a603b9f9e924879d940296b0663a33117c68a1367cbbdbd34a945
Secunia Security Advisory 49231
Posted Jun 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for python-tornado. This fixes a vulnerability, which can be exploited by malicious people to conduct HTTP response splitting attacks in an application using the framework.

tags | advisory, web, python
systems | linux, suse
SHA-256 | 5720ce07a1bdffb3c8efd1846ad2b368d1fa0e4ac1c093deadd085e9d81ebc5a
Anonymous FTP Scanning Scripts
Posted Jun 15, 2012
Authored by Ajith KP

This is a set of python script that will scan a set of FTP servers to see if they allow anonymous access.

tags | tool, scanner, python
systems | unix
SHA-256 | 463d084c2bac760e9cb2ebe8a1190b970ae4145ddf65e163c0571f43301917e1
Advanced Admin Page Finder
Posted Jun 14, 2012
Authored by Ajith KP, Chaitanya Krishna

Advanced Admin Page Finder searches a site for over 800 possible administrative interfaces. Written in Python.

tags | tool, scanner, python
systems | unix
SHA-256 | 579b03498bcce05149a5c42de2dd6d0b6c95d1437440609f8d48da616759e034
F5 BIG-IP Remote Root Authentication Bypass
Posted Jun 12, 2012
Authored by David Kennedy

This is a proof of concept remote root authentication bypass exploit for F5 BIG-IP. Written in Python.

tags | exploit, remote, root, proof of concept, python
SHA-256 | 56ead1dc2b7a0b89044841502ec4977b0bed8067f3b3118da72703e3b50cbed2
MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability
Posted Jun 11, 2012
Authored by Yorick Koster, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in Microsoft Office's ClickOnce feature. When handling a Macro document, the application fails to recognize certain file extensions as dangerous executables, which can be used to bypass the warning message. This allows you to trick your victim into opening the malicious document, which will load up either a python or ruby payload based on your choosing, and then finally download and execute our executable.

tags | exploit, python, ruby
advisories | CVE-2012-0013, OSVDB-78207
SHA-256 | 0a79ccc75253fc54a4cbf99a7599c06f3f75c9e59c1385bd9c4f718868f83665
Page 1 of 4
Back1234Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    12 Files
  • 27
    May 27th
    12 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close