Exploit the possiblities
Showing 76 - 100 of 1,050 RSS Feed

Python Files

Ubuntu Security Notice USN-3080-1
Posted Sep 15, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3080-1 - Eric Soroos discovered that the Python Imaging Library incorrectly handled certain malformed FLI or PhotoCD files. A remote attacker could use this issue to cause Python Imaging Library to crash, resulting in a denial of service. Andrew Drake discovered that the Python Imaging Library incorrectly validated input. A remote attacker could use this to cause Python Imaging Library to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, python
systems | linux, ubuntu
advisories | CVE-2014-3589
MD5 | 049f41fc88efb9a4b9f78bfc22d3729d
Red Hat Security Advisory 2016-1850-01
Posted Sep 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1850-01 - The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Security Fix: A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive.

tags | advisory, arbitrary, python
systems | linux, redhat
advisories | CVE-2015-8920, CVE-2015-8921, CVE-2015-8932, CVE-2016-4809, CVE-2016-5418, CVE-2016-5844, CVE-2016-7166
MD5 | 02e572b757677a32648780076e5e319e
Red Hat Security Advisory 2016-1844-01
Posted Sep 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1844-01 - The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Security Fix: A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive.

tags | advisory, arbitrary, python
systems | linux, redhat
advisories | CVE-2015-8916, CVE-2015-8917, CVE-2015-8919, CVE-2015-8920, CVE-2015-8921, CVE-2015-8922, CVE-2015-8923, CVE-2015-8924, CVE-2015-8925, CVE-2015-8926, CVE-2015-8928, CVE-2015-8930, CVE-2015-8931, CVE-2015-8932, CVE-2015-8934, CVE-2016-1541, CVE-2016-4300, CVE-2016-4302, CVE-2016-4809, CVE-2016-5418, CVE-2016-5844, CVE-2016-6250, CVE-2016-7166
MD5 | 10ea330f0d966c32d82a952ea7fb4c0f
Stegano 0.6.1
Posted Aug 28, 2016
Authored by Cedric Bonhomme | Site github.com

Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.

Changes: Reorganization of the steganalysis sub-module.
tags | tool, encryption, steganography, python
systems | unix
MD5 | fc1bf07c349e8e9e060d889db34699c3
Blue Team Training Toolkit (BT3) 2.0
Posted Aug 27, 2016
Authored by Juan J. Guelfo | Site encripto.no

Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.

Changes: Download command has been implemented. Search has been integrated with the BT3 API. Various other updates and improvements.
tags | tool, python
systems | unix
MD5 | 76d6d995c9cfaa51b5233170eea7ffda
Htcap Analysis Tool 1.0.1
Posted Aug 26, 2016
Authored by Filippo Cavallarin

Htcap is a web application analysis tool for detecting communications between javascript and the server. It crawls the target application and maps ajax calls, dynamically inserted scripts, websockets calls, dynamically loaded resources and some interesting elements. The generated report is meant to be a good starting point for a manual web application security audit. Htcap is written in python and uses phantomjs to load pages injecting a probe that analyzes javascript behaviour. Once injected, the probe, overrides native javascript methods in order to intercept communications and DOM changes. It also simulates user interaction by firing all attached events and by filling html inputs.

Changes: This release is focused on stability, bugfixes, and minor improvements.
tags | tool, web, javascript, sniffer, python
MD5 | a4f577e9f89d71d5f6c3d79d81ba29d4
Red Hat Security Advisory 2016-1626-01
Posted Aug 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1626-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request.

tags | advisory, remote, web, cgi, python
systems | linux, redhat
advisories | CVE-2016-0772, CVE-2016-1000110, CVE-2016-5699
MD5 | 53b0ca7b2756e948f24fbe6f5e5bc10e
Red Hat Security Advisory 2016-1629-01
Posted Aug 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1629-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request.

tags | advisory, remote, web, cgi, python
systems | linux, redhat
advisories | CVE-2016-0772, CVE-2016-1000110, CVE-2016-5699
MD5 | 071423e786f2546938e8ff0585f22468
Red Hat Security Advisory 2016-1628-01
Posted Aug 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1628-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request.

tags | advisory, remote, web, cgi, python
systems | linux, redhat
advisories | CVE-2016-0772, CVE-2016-1000110, CVE-2016-5699
MD5 | a48c45d1cb8791d0084505e7c812eddb
Red Hat Security Advisory 2016-1630-01
Posted Aug 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1630-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request.

tags | advisory, remote, web, cgi, python
systems | linux, redhat
advisories | CVE-2016-0772, CVE-2016-1000110, CVE-2016-5699
MD5 | 5c4f0a8e974437ef65b97dc33fd28f3f
Red Hat Security Advisory 2016-1627-01
Posted Aug 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1627-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request.

tags | advisory, remote, web, cgi, python
systems | linux, redhat
advisories | CVE-2016-0772, CVE-2016-1000110, CVE-2016-5699
MD5 | 4a80a804ca49b06fb96354f767bbcc96
Red Hat Security Advisory 2016-1596-01
Posted Aug 11, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1596-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: A cross-site scripting flaw was found in Django. An attacker could exploit the unsafe usage of JavaScript's Element.innerHTML to forge content in the admin's add/change related popup. Element.textContent is now used to prevent XSS data execution.

tags | advisory, web, javascript, xss, python
systems | linux, redhat
advisories | CVE-2016-6186
MD5 | 1bee7be03e616f5ce088093d21a97c91
Red Hat Security Advisory 2016-1595-01
Posted Aug 11, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1595-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: A cross-site scripting flaw was found in Django. An attacker could exploit the unsafe usage of JavaScript's Element.innerHTML to forge content in the admin's add/change related popup. Element.textContent is now used to prevent XSS data execution.

tags | advisory, web, javascript, xss, python
systems | linux, redhat
advisories | CVE-2016-6186
MD5 | e7b665d56d6cdea27c61a88d8794ae05
Red Hat Security Advisory 2016-1594-01
Posted Aug 11, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1594-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: A cross-site scripting flaw was found in Django. An attacker could exploit the unsafe usage of JavaScript's Element.innerHTML to forge content in the admin's add/change related popup. Element.textContent is now used to prevent XSS data execution.

tags | advisory, web, javascript, xss, python
systems | linux, redhat
advisories | CVE-2016-6186
MD5 | ae57de7f8e8b4cb4d505d6f3bdc59790
Stegano 0.6
Posted Aug 6, 2016
Authored by Cedric Bonhomme | Site github.com

Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.

Changes: Command-line improvements.
tags | tool, encryption, steganography, python
systems | unix
MD5 | 415139dd6d32bb34fc92dbda1c81e7c7
Keystone 0.9.1
Posted Jul 27, 2016
Authored by Nguyen Anh Quynh | Site keystone-engine.org

Keystone is a lightweight multi-platform, multi-architecture assembler framework. Highlight features include multi-architecture, with support for Arm, Arm64 (AArch64/Armv8), Hexagon, Mips, PowerPC, Sparc, SystemZ, and X86 (include 16/32/64bit). It has a clean and lightweight architecture-neutral API. It's implemented in C/C++ languages, with bindings for Python, NodeJS, Ruby, Go and Rust available and also has native support for Windows and various Unix flavors.

Changes: Various updates.
tags | tool, x86, python, ruby
systems | windows, unix
MD5 | 966e0395a3733f68518a2833e64134c1
Mobius Forensic Toolkit 0.5.25
Posted Jul 26, 2016
Site savannah.nongnu.org

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.

Changes: Many updates to the C++ and python APIs. Various other improvements.
tags | tool, python, forensics
MD5 | 72611358478efed219baa6cb4fa4299a
Autobahn|Python Origin Header Manipulation
Posted Jul 23, 2016
Authored by mgill

Autobahn|Python incorrectly checks the Origin header when the 'allowedOrigins' value is set. This can allow third parties to execute legitimate requests for WAMP WebSocket requests against an Autobahn|Python/Crossbar.io server within another browser's context. This is addressed in version 0.15.0.

tags | exploit, python, bypass
MD5 | b5e56a17d55d166124be2e6885b8dea7
Blue Team Training Toolkit (BT3) 1.2
Posted Jul 21, 2016
Authored by Juan J. Guelfo | Site encripto.no

Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.

Changes: New commands implemented, UI improvements, documentation updates and minor adjustments.
tags | tool, python
systems | unix
MD5 | e7085fefd7be1488324644ab7870d41b
Debian Security Advisory 3622-1
Posted Jul 19, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3622-1 - It was discovered that Django, a high-level Python web development framework, is prone to a cross-site scripting vulnerability in the admin's add/change related popup.

tags | advisory, web, xss, python
systems | linux, debian
advisories | CVE-2016-6186
MD5 | bb598c44f3c2f0d6487c44becc2a7577
Blue Team Training Toolkit (BT3) 1.1
Posted Jul 12, 2016
Authored by Juan J. Guelfo | Site encripto.no

Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.

Changes: Documentation updates and minor adjustments.
tags | tool, python
systems | unix
MD5 | 5aa37d7a933381d2b3981641c5bc2327
Python 3.5.2 DLL Hijacking
Posted Jul 7, 2016
Authored by Himanshu Mehta

Python version 3.5.2 suffers from a dll hijacking vulnerability.

tags | exploit, python
systems | windows
MD5 | fa0ebbeecce438461aa28fdfee882510
Blue Team Training Toolkit (BT3) 1.0
Posted Jun 27, 2016
Authored by Juan J. Guelfo | Site encripto.no

Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the lastest versions of Encripto's Maligno and Pcapteller.

tags | tool, python
systems | unix
MD5 | fe72d5213c072e79f6609c0612fe7c75
Red Hat Security Advisory 2016-1272-01
Posted Jun 22, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1272-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. The following packages have been upgraded to a newer upstream version: python-django-horizon: 2015.1.4. Security Fix: A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form, triggering the vulnerability when another user browsed the affected page. As a result, this flaw could result in user accounts being compromised.

tags | advisory, xss, python
systems | linux, redhat
advisories | CVE-2016-4428
MD5 | bbfd24457e5d5119aba28405aa71fa6b
Python urllib HTTP Header Injection
Posted Jun 16, 2016
Authored by Timothy D. Morgan

Python's built-in URL library ("urllib2" in 2.x and "urllib" in 3.x) is vulnerable to protocol stream injection attacks (a.k.a. "smuggling" attacks) via the http scheme.

tags | exploit, web, protocol, python
MD5 | ca041924a3e7ed37da6b0480373af01a
Page 4 of 42
Back23456Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    12 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close