Twenty Year Anniversary
Showing 1 - 25 of 1,082 RSS Feed

Python Files

Intel ME Manufacturing Mode Detection Tools
Posted Oct 4, 2018
Authored by Dmitry Sklyarov, Maxim Goryachy, Mark Ermolov | Site ptsecurity.com

Intel ME has a Manufacturing Mode designed to be used exclusively by motherboard manufacturers. This mode provides some additional opportunities that an attacker can take advantage of. When Manufacturing Mode is enabled, Intel ME allows execution of the command which makes the ME region writable via the SPI controller built into the motherboard. The ability to run code and send commands to Intel ME on the attacked system allows the attacker to rewrite the Intel ME firmware onto another version. So the attacker is able to deploy the firmware which is vulnerable to INTEL-SA-00086 and execute arbitrary code on Intel ME even if the system is patched. This archive contains Python 2.7 scripts for checking the state of the Intel ME Manufacturing Mode.

tags | tool, arbitrary, scanner, python
systems | unix
advisories | CVE-2018-4251
MD5 | 1a9b68acfbdb192e5529077542c33486
Debian Security Advisory 4306-1
Posted Sep 28, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4306-1 - Multiple security issues were discovered in Python: ElementTree failed to initialize Expat's hash salt, two denial of service issues were found in difflib and poplib and the shutil module was affected by a command injection vulnerability.

tags | advisory, denial of service, python
systems | linux, debian
advisories | CVE-2018-1000802, CVE-2018-1060, CVE-2018-1061, CVE-2018-14647
MD5 | 59ac7d08f42ae08ee8581f5c3f9f8e4e
Blue Team Training Toolkit (BT3) 2.8
Posted Sep 5, 2018
Authored by Juan J. Guelfo | Site encripto.no

Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.

Changes: SSL_TRUST option has been included in Maligno. Bug fixes and minor adjustments.
tags | tool, python
systems | unix
MD5 | 59ec404f377eafd4cfcca6d3b2ea9241
Ubuntu Security Notice USN-3720-1
Posted Jul 23, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3720-1 - It was discovered that python-cryptography incorrectly handled certain inputs. An attacker could possibly use this to get access to sensitive information.

tags | advisory, python
systems | linux, ubuntu
advisories | CVE-2018-10903
MD5 | 05cd246ec889f2ba0e867019b6b5e510
Red Hat Security Advisory 2018-2123-01
Posted Jul 3, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2123-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a man-in-the-middle vulnerability.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2016-2183
MD5 | bbaaaf50fafda3cb30530deaac90bbd0
Deserialization Vulnerabilities
Posted May 26, 2018
Authored by intx0x80

This whitepaper explains deserialization vulnerabilities in Java, Python, PHP, and Ruby.

tags | paper, java, php, vulnerability, python, ruby
MD5 | 003eecb39455d3d75ab4d3f37d2cb166
Blue Team Training Toolkit (BT3) 2.7
Posted May 16, 2018
Authored by Juan J. Guelfo | Site encripto.no

Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.

Changes: This release introduces an improved BT3 API account registration process, support for Ubuntu 18.04 LTS, and other minor adjustments.
tags | tool, python
systems | unix
MD5 | 39ea7027de33d3f510ceceb4aa8433e0
Slackware Security Advisory - python Updates
Posted May 5, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory, python
systems | linux, slackware
advisories | CVE-2012-0876, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300, CVE-2016-9063, CVE-2017-9233, CVE-2018-1060, CVE-2018-1061
MD5 | 4830becfccec59ec7d1e08315d914061
Red Hat Security Advisory 2018-1274-01
Posted May 3, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1274-01 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. The following packages have been upgraded to a later upstream version: python-paramiko. Issues addressed include a bypass vulnerability.

tags | advisory, remote, arbitrary, protocol, python, bypass
systems | linux, redhat
advisories | CVE-2018-7750
MD5 | 49944063f4ecc3d703262f227fa06f8f
Gentoo Linux Security Advisory 201805-02
Posted May 3, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201805-2 - A buffer overflow in Python might allow remote attackers to execute arbitrary code. Versions less than 2.7.14:2.7 are affected.

tags | advisory, remote, overflow, arbitrary, python
systems | linux, gentoo
advisories | CVE-2017-1000158
MD5 | d7751fe44f3e06a91458c77c8e139509
Red Hat Security Advisory 2018-1213-02
Posted Apr 24, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1213-02 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Issues addressed include a bypass vulnerability.

tags | advisory, remote, arbitrary, protocol, python, bypass
systems | linux, redhat
advisories | CVE-2018-7750
MD5 | 66effb3d212b94a7d5ef3d7b03018bb4
Stegano 0.8.5
Posted Apr 19, 2018
Authored by Cedric Bonhomme | Site github.com

Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.

Changes: Fixed an encoding problem which occurred on Windows during the installation of the module.
tags | tool, encryption, steganography, python
systems | unix
MD5 | 8e6e537fe7247631b9ec13345a94243d
Red Hat Security Advisory 2018-1124-01
Posted Apr 12, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1124-01 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Issues addressed include a bypass vulnerability.

tags | advisory, remote, arbitrary, protocol, python, bypass
systems | linux, redhat
advisories | CVE-2018-7750
MD5 | 6c29bd8920e932bf2417c581e66348d1
Red Hat Security Advisory 2018-1125-01
Posted Apr 12, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1125-01 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Issues addressed include a bypass vulnerability.

tags | advisory, remote, arbitrary, protocol, python, bypass
systems | linux, redhat
advisories | CVE-2018-7750
MD5 | 54614beb604eb237c15e09e7ad7f4c48
Ubuntu Security Notice USN-3616-2
Posted Apr 9, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3616-2 - USN-3616-1 fixed a vulnerability in Python Crypto. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Python Crypto incorrectly generated ElGamal key parameters. A remote attacker could possibly use this issue to obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote, crypto, python
systems | linux, ubuntu
advisories | CVE-2018-6594
MD5 | bba26afb207ddfb1391a3848e4cd104d
Red Hat Security Advisory 2018-0646-01
Posted Apr 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0646-01 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Issues addressed include a bypass vulnerability.

tags | advisory, remote, arbitrary, protocol, python, bypass
systems | linux, redhat
advisories | CVE-2018-7750
MD5 | 4c4a72b2d287abfd5e1ba4347df9ed7f
Ubuntu Security Notice USN-3616-1
Posted Apr 3, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3616-1 - It was discovered that Python Crypto incorrectly generated ElGamal key parameters. A remote attacker could possibly use this issue to obtain sensitive information.

tags | advisory, remote, crypto, python
systems | linux, ubuntu
advisories | CVE-2018-6594
MD5 | fcedecfcc4487ed429b56fae81f791b6
Debian Security Advisory 4161-1
Posted Apr 1, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4161-1 - James Davis discovered two issues in Django, a high-level Python web development framework, that can lead to a denial-of-service attack. An attacker with control on the input of the django.utils.html.urlize() function or django.utils.text.Truncator's chars() and words() methods could craft a string that might stuck the execution of the application.

tags | advisory, web, python
systems | linux, debian
advisories | CVE-2018-7536, CVE-2018-7537
MD5 | baa4d30e80f46f295485a3b682c445a0
Red Hat Security Advisory 2018-0602-01
Posted Mar 29, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0602-01 - openstack-tripleo-common contains the python library for code common to the Red Hat OpenStack Platform director CLI and GUI. openstack-tripleo-heat-templates is a collection of OpenStack Orchestration templates and tools, which can be used to help deploy OpenStack. Issues addressed include a backup related vulnerability.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2017-12155
MD5 | 164029b1a08e671d7b1c13d804a79564
Scapy Packet Manipulation Tool 2.4.0
Posted Mar 27, 2018
Authored by Philippe Biondi | Site secdev.org

Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. It is intended to do the same things as ttlscan, nmap, hping, queso, p0f, xprobe, arping, arp-sk, arpspoof, firewalk, irpas, tethereal, tcpdump, etc.

Changes: Python3 support added. Pcap/PcapNg improvements added as well as enhanced Windows support. TLS 1.3 supported. Various other updates.
tags | tool, scanner, python
systems | unix
MD5 | 5be9bca4fd894b067edc1a4ad48e92cb
Red Hat Security Advisory 2018-0591-01
Posted Mar 27, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0591-01 - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel. Issues addressed include a bypass vulnerability.

tags | advisory, remote, arbitrary, protocol, python, bypass
systems | linux, redhat
advisories | CVE-2018-7750
MD5 | e62943698b18c3c06e53e2308f2c25ee
Stegano 0.8.4
Posted Mar 1, 2018
Authored by Cedric Bonhomme | Site github.com

Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.

Changes: Stegano is ready for use with pipenv and pipsi.
tags | tool, encryption, steganography, python
systems | unix
MD5 | 475a04fb3bdf385068a894e089fab494
Red Hat Security Advisory 2018-0369-01
Posted Feb 27, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0369-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. python-novaclient is the python client for the OpenStack Nova API. The client's Python API and command-line script both implement 100% of the OpenStack Nova API. The following packages have been upgraded to a later upstream version: openstack-nova, python-novaclient.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2017-16239
MD5 | cd7106719babe2e3386a0ce0aea1860d
Stegano 0.8.3
Posted Feb 26, 2018
Authored by Cedric Bonhomme | Site github.com

Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.

Changes: The recommended way to install Stegano is now to use pipenv.
tags | tool, encryption, steganography, python
systems | unix
MD5 | 6540bb08f1ad672d8740ca25478895d0
Red Hat Security Advisory 2018-0273-01
Posted Feb 5, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-0273-01 - Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments. Twisted is an event-based framework for internet applications. Twisted Web is a complete web server, aimed at hosting web applications using Twisted and Python, but fully able to serve static pages too. Multiple security issues have been addressed.

tags | advisory, web, python
systems | linux, redhat
advisories | CVE-2016-1000111
MD5 | 049337486b2638f35b5bbf37deb9cdff
Page 1 of 44
Back12345Next

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    20 Files
  • 17
    Oct 17th
    19 Files
  • 18
    Oct 18th
    21 Files
  • 19
    Oct 19th
    16 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    19 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close