all things security
Showing 76 - 100 of 1,038 RSS Feed

Python Files

Red Hat Security Advisory 2016-1595-01
Posted Aug 11, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1595-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: A cross-site scripting flaw was found in Django. An attacker could exploit the unsafe usage of JavaScript's Element.innerHTML to forge content in the admin's add/change related popup. Element.textContent is now used to prevent XSS data execution.

tags | advisory, web, javascript, xss, python
systems | linux, redhat
advisories | CVE-2016-6186
MD5 | e7b665d56d6cdea27c61a88d8794ae05
Red Hat Security Advisory 2016-1594-01
Posted Aug 11, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1594-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: A cross-site scripting flaw was found in Django. An attacker could exploit the unsafe usage of JavaScript's Element.innerHTML to forge content in the admin's add/change related popup. Element.textContent is now used to prevent XSS data execution.

tags | advisory, web, javascript, xss, python
systems | linux, redhat
advisories | CVE-2016-6186
MD5 | ae57de7f8e8b4cb4d505d6f3bdc59790
Stegano 0.6
Posted Aug 6, 2016
Authored by Cedric Bonhomme | Site github.com

Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.

Changes: Command-line improvements.
tags | tool, encryption, steganography, python
systems | unix
MD5 | 415139dd6d32bb34fc92dbda1c81e7c7
Keystone 0.9.1
Posted Jul 27, 2016
Authored by Nguyen Anh Quynh | Site keystone-engine.org

Keystone is a lightweight multi-platform, multi-architecture assembler framework. Highlight features include multi-architecture, with support for Arm, Arm64 (AArch64/Armv8), Hexagon, Mips, PowerPC, Sparc, SystemZ, and X86 (include 16/32/64bit). It has a clean and lightweight architecture-neutral API. It's implemented in C/C++ languages, with bindings for Python, NodeJS, Ruby, Go and Rust available and also has native support for Windows and various Unix flavors.

Changes: Various updates.
tags | tool, x86, python, ruby
systems | windows, unix
MD5 | 966e0395a3733f68518a2833e64134c1
Mobius Forensic Toolkit 0.5.25
Posted Jul 26, 2016
Site savannah.nongnu.org

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.

Changes: Many updates to the C++ and python APIs. Various other improvements.
tags | tool, python, forensics
MD5 | 72611358478efed219baa6cb4fa4299a
Autobahn|Python Origin Header Manipulation
Posted Jul 23, 2016
Authored by mgill

Autobahn|Python incorrectly checks the Origin header when the 'allowedOrigins' value is set. This can allow third parties to execute legitimate requests for WAMP WebSocket requests against an Autobahn|Python/Crossbar.io server within another browser's context. This is addressed in version 0.15.0.

tags | exploit, python, bypass
MD5 | b5e56a17d55d166124be2e6885b8dea7
Blue Team Training Toolkit (BT3) 1.2
Posted Jul 21, 2016
Authored by Juan J. Guelfo | Site encripto.no

Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.

Changes: New commands implemented, UI improvements, documentation updates and minor adjustments.
tags | tool, python
systems | unix
MD5 | e7085fefd7be1488324644ab7870d41b
Debian Security Advisory 3622-1
Posted Jul 19, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3622-1 - It was discovered that Django, a high-level Python web development framework, is prone to a cross-site scripting vulnerability in the admin's add/change related popup.

tags | advisory, web, xss, python
systems | linux, debian
advisories | CVE-2016-6186
MD5 | bb598c44f3c2f0d6487c44becc2a7577
Blue Team Training Toolkit (BT3) 1.1
Posted Jul 12, 2016
Authored by Juan J. Guelfo | Site encripto.no

Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.

Changes: Documentation updates and minor adjustments.
tags | tool, python
systems | unix
MD5 | 5aa37d7a933381d2b3981641c5bc2327
Python 3.5.2 DLL Hijacking
Posted Jul 7, 2016
Authored by Himanshu Mehta

Python version 3.5.2 suffers from a dll hijacking vulnerability.

tags | exploit, python
systems | windows
MD5 | fa0ebbeecce438461aa28fdfee882510
Blue Team Training Toolkit (BT3) 1.0
Posted Jun 27, 2016
Authored by Juan J. Guelfo | Site encripto.no

Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the lastest versions of Encripto's Maligno and Pcapteller.

tags | tool, python
systems | unix
MD5 | fe72d5213c072e79f6609c0612fe7c75
Red Hat Security Advisory 2016-1272-01
Posted Jun 22, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1272-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. The following packages have been upgraded to a newer upstream version: python-django-horizon: 2015.1.4. Security Fix: A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form, triggering the vulnerability when another user browsed the affected page. As a result, this flaw could result in user accounts being compromised.

tags | advisory, xss, python
systems | linux, redhat
advisories | CVE-2016-4428
MD5 | bbfd24457e5d5119aba28405aa71fa6b
Python urllib HTTP Header Injection
Posted Jun 16, 2016
Authored by Timothy D. Morgan

Python's built-in URL library ("urllib2" in 2.x and "urllib" in 3.x) is vulnerable to protocol stream injection attacks (a.k.a. "smuggling" attacks) via the http scheme.

tags | exploit, web, protocol, python
MD5 | ca041924a3e7ed37da6b0480373af01a
Keystone 0.9
Posted May 31, 2016
Authored by Nguyen Anh Quynh | Site keystone-engine.org

Keystone is a lightweight multi-platform, multi-architecture assembler framework. Highlight features include multi-architecture, with support for Arm, Arm64 (AArch64/Armv8), Hexagon, Mips, PowerPC, Sparc, SystemZ, & X86 (include 16/32/64bit). It has a clean and lightweight architecture-neutral API. It's implemented in C/C++ languages, with bindings for Python, NodeJS, Ruby, Go and Rust available and also has native support for Windows and various Unix flavors.

tags | tool, x86, python, ruby
systems | windows, unix
MD5 | da122aa5ce802c38054bd1e7441e7369
Red Hat Security Advisory 2016-1166-01
Posted May 31, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1166-01 - Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. Security Fix: The following fix was applied to the python component: The Python standard library HTTP client modules did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data.

tags | advisory, web, python
systems | linux, redhat
advisories | CVE-2013-2099, CVE-2013-7440
MD5 | eb14dd1081988f81d83fb63991cc2460
Stegano 0.5.4
Posted May 23, 2016
Authored by Cedric Bonhomme | Site github.com

Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.

Changes: The generator provided to the functions lsbset.hide() and lsbset.reveal() is now a function. This is more convenient for a user who wants to use a custom generator (not in the module lsbset.generators). Performance improvements for the lsb and lsbset modules.
tags | tool, encryption, steganography, python
systems | unix
MD5 | e1604199f441ed6976d07ba30eb4288a
Stegano 0.5.3
Posted May 20, 2016
Authored by Cedric Bonhomme | Site github.com

Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.

Changes: Reorganization of all modules. No impact for the users of Stegano.
tags | tool, encryption, steganography, python
systems | unix
MD5 | bd306ba44fcfb86a91756fab19086af6
Stegano 0.5.1
Posted Apr 26, 2016
Authored by Cedric Bonhomme | Site github.com

Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.

Changes: Bug fix release.
tags | tool, encryption, steganography, python
systems | unix
MD5 | 0ec6357e62cdbbd3efd58561a52f9548
pyJoiner Exe Joiner
Posted Apr 23, 2016
Authored by W1ckerMan

Simple python script to combine two executables.

tags | tool, python
systems | unix
MD5 | 8675d534bb68c1ace0f7cf8ea830d713
Linux/x86 Bind Shell Shellcode Generator
Posted Apr 22, 2016
Authored by Ajith KP

This python script generates bind shell shellcode for Linux x64.

tags | tool, shell, shellcode, python
systems | linux
MD5 | 06811d24e0e32273cc53ea6465d185f2
Debian Security Advisory 3548-2
Posted Apr 14, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3548-2 - The upgrade to Samba 4.2 issued as DSA-3548-1 introduced a packaging regression causing an additional dependency on the samba binary package for the samba-libs, samba-common-bin, python-samba and samba-vfs-modules binary packages. Updated packages are now available to address this problem.

tags | advisory, python
systems | linux, debian
MD5 | 22521b87923b32486187a5b55402956d
SnappingTurtle Web Exploitation Tool 0.1.0411.1609
Posted Apr 11, 2016
Authored by John Leitch

Exploit web applications with SnappingTurtle, a cross-platform tool written in Aphid and compiled into Python. SnappingTurtle can exploit SQL injection, arbitrary upload, local file inclusion, and cross-site scripting.

Changes: Improved PHP shell polymorphism. Multiple reliability improvements for LFI to RCE. Several functional improvements to SQL injection.
tags | tool, web, arbitrary, local, xss, sql injection, python, file inclusion
systems | unix
MD5 | 2be7b508b3f9e65340cbf87c0fa81573
PostgreSQL CREATE LANGUAGE Execution
Posted Apr 9, 2016
Authored by Micheal Cottingham, midnitesnake, Nixawk | Site metasploit.com

Some installations of Postgres 8 and 9 are configured to allow loading external scripting languages. Most commonly this is Perl and Python. When enabled, command execution is possible on the host. To execute system commands, loading the "untrusted" version of the language is necessary. This requires a superuser. This is usually postgres. The execution should be platform-agnostic, and has been tested on OS X, Windows, and Linux. This Metasploit module attempts to load Perl or Python to execute system commands. As this dynamically loads a scripting language to execute commands, it is not necessary to drop a file on the filesystem. Only Postgres 8 and up are supported.

tags | exploit, perl, python
systems | linux, windows, apple, osx
MD5 | 3c81d94f69a7a70e2c856b1c3cb07ab0
Debian Security Advisory 3544-1
Posted Apr 8, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3544-1 - Several vulnerabilities were discovered in Django, a high-level Python web development framework.

tags | advisory, web, vulnerability, python
systems | linux, debian
advisories | CVE-2016-2512, CVE-2016-2513
MD5 | e283427f78e95766c8ca8ca43e6bd596
Python 2.7 For iOS Filter Bypass
Posted Mar 31, 2016
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Python 2.7 iOS application version 1.5.4 suffers from a filter bypass issue that allows malicious script code to get inserted client-side.

tags | exploit, python
systems | ios
MD5 | 48e059143317589304cdb0f92d4625eb
Page 4 of 42
Back23456Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close