Twenty Year Anniversary
Showing 101 - 125 of 1,093 RSS Feed

Python Files

Red Hat Security Advisory 2016-2933
Posted Dec 9, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2933 - An update for python-XStatic-jquery-ui is now available for Red Hat OpenStack Platform 9.0 (Mitaka). Security Fix: It was found that a parameter of the dialog box feature of jQuery UI was vulnerable to cross site scripting. An attacker could use this flaw to execute a malicious script via the dialog box when it was displayed to a user.

tags | advisory, xss, python
systems | linux, redhat
advisories | CVE-2016-7103
MD5 | 3a67966724894e89a341f4814dcd580e
Red Hat Security Advisory 2016-2932-01
Posted Dec 9, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2932-01 - An update for python-XStatic-jquery-ui is now available for Red Hat OpenStack Platform 8.0 (Liberty). Security Fix: It was found that a parameter of the dialog box feature of jQuery UI was vulnerable to cross site scripting. An attacker could use this flaw to execute a malicious script via the dialog box when it was displayed to a user.

tags | advisory, xss, python
systems | linux, redhat
advisories | CVE-2016-7103
MD5 | 1cb3f4b95bde5aecb57e2e20df9a968b
Ubuntu Security Notice USN-3138-1
Posted Nov 28, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3138-1 - Markus Doering discovered that python-cryptography incorrectly handled certain HKDF lengths. This could result in python-cryptography returning an empty string instead of the expected derived key.

tags | advisory, python
systems | linux, ubuntu
advisories | CVE-2016-9243
MD5 | 7af8fd9033167a619d1f40c7d195fbcb
Blue Team Training Toolkit (BT3) 2.1
Posted Nov 23, 2016
Authored by Juan J. Guelfo | Site encripto.no

Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.

Changes: New Mocksum module added, improved Maligno HTTP method support, minor adjustments.
tags | tool, python
systems | unix
MD5 | 4e79eb042eb823afaf5a229f2344c8fe
Ubuntu Security Notice USN-3134-1
Posted Nov 22, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3134-1 - It was discovered that the smtplib library in Python did not return an error when StartTLS fails. A remote attacker could possibly use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, remote, web, cgi, python
systems | linux, ubuntu
advisories | CVE-2016-0772, CVE-2016-1000110, CVE-2016-5636, CVE-2016-5699
MD5 | 0ce8a8b98671640d3e776ca2617dbc64
Red Hat Security Advisory 2016-2607-02
Posted Nov 4, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2607-02 - The powerpc-utils-python packages provide Python-based utilities for maintaining and servicing PowerPC systems. Security Fix: It was found that the amsvis command of the powerpc-utils-python package did not verify unpickled data before processing it. This could allow an attacker who can connect to an amsvis server process to execute arbitrary code as the user running the amsvis process.

tags | advisory, arbitrary, python
systems | linux, redhat
advisories | CVE-2014-8165
MD5 | ba6c75d947c853f1781181f0216f1991
Red Hat Security Advisory 2016-2592-02
Posted Nov 4, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2592-02 - The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform. The subscription-manager-migration-data package provides certificates for migrating a system from the legacy Red Hat Network Classic to Red Hat Subscription Management. The python-rhsm packages provide a library for communicating with the representational state transfer interface of a Red Hat Unified Entitlement Platform. The Subscription Management tools use this interface to manage system entitlements, certificates, and access to content.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2016-4455
MD5 | 424afbdd323d8fbca5417ca0c81d7abd
Red Hat Security Advisory 2016-2586-02
Posted Nov 3, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2586-02 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later "import" statement could cause a heap overflow, leading to arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution, python
systems | linux, redhat
advisories | CVE-2016-5636
MD5 | 6a7880c1413ad2ea73746f9f5fd7fe89
Red Hat Security Advisory 2016-2582-02
Posted Nov 3, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2582-02 - Nettle is a cryptographic library that is designed to fit easily in almost any context: In cryptographic toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like lsh or GnuPG, or even in kernel space. Security Fix: Multiple flaws were found in the way nettle implemented elliptic curve scalar multiplication. These flaws could potentially introduce cryptographic weaknesses into nettle's functionality.

tags | advisory, kernel, python
systems | linux, redhat
advisories | CVE-2015-8803, CVE-2015-8804, CVE-2015-8805, CVE-2016-6489
MD5 | b904965b4165784bbe76c8baa6406604
Scapy Packet Manipulation Tool 2.3.3
Posted Oct 18, 2016
Authored by Philippe Biondi | Site secdev.org

Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. It is intended to do the same things as ttlscan, nmap, hping, queso, p0f, xprobe, arping, arp-sk, arpspoof, firewalk, irpas, tethereal, tcpdump, etc.

Changes: Various updates.
tags | tool, scanner, python
systems | unix
MD5 | 336d6832110efcf79ad30c9856ef5842
Mobius Forensic Toolkit 0.5.26
Posted Oct 10, 2016
Site savannah.nongnu.org

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.

Changes: Tons of C++ API changes. Various other improvements.
tags | tool, python, forensics
MD5 | c8cfc5982d32602b5f1b357feee8f245
Red Hat Security Advisory 2016-2043-01
Posted Oct 10, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2043-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. The following packages have been upgraded to a newer upstream version: python-django. Security Fix: A CSRF flaw was found in Django, where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. In this update, the parser for ''request.COOKIES'' has been simplified to better match browser behavior and to mitigate this attack. ''request.COOKIES'' may now contain cookies that are invalid according to RFC 6265 but are possible to set using ''document.cookie''.

tags | advisory, web, arbitrary, python
systems | linux, redhat
advisories | CVE-2016-7401
MD5 | 6da0bd40a5c680d7049e0626fa3561ef
Red Hat Security Advisory 2016-2041-01
Posted Oct 10, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2041-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. The following packages have been upgraded to a newer upstream version: python-django. Security Fix: A CSRF flaw was found in Django, where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. In this update, the parser for ''request.COOKIES'' has been simplified to better match browser behavior and to mitigate this attack. ''request.COOKIES'' may now contain cookies that are invalid according to RFC 6265 but are possible to set using ''document.cookie''.

tags | advisory, web, arbitrary, python
systems | linux, redhat
advisories | CVE-2016-7401
MD5 | 00439dca5936623548075e128c80ca9d
Red Hat Security Advisory 2016-2039-01
Posted Oct 10, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2039-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: A CSRF flaw was found in Django, where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. In this update, the parser for ''request.COOKIES'' has been simplified to better match browser behavior and to mitigate this attack. ''request.COOKIES'' may now contain cookies that are invalid according to RFC 6265 but are possible to set using ''document.cookie''.

tags | advisory, web, arbitrary, python
systems | linux, redhat
advisories | CVE-2016-7401
MD5 | dbcb237a375ddc6cfcddaa0b3e249510
Red Hat Security Advisory 2016-2040-01
Posted Oct 10, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2040-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: A CSRF flaw was found in Django, where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. In this update, the parser for ''request.COOKIES'' has been simplified to better match browser behavior and to mitigate this attack. ''request.COOKIES'' may now contain cookies that are invalid according to RFC 6265 but are possible to set using ''document.cookie''.

tags | advisory, web, arbitrary, python
systems | linux, redhat
advisories | CVE-2016-7401
MD5 | 705c299413c2e0c6b10fe75d900f1590
Red Hat Security Advisory 2016-2042-01
Posted Oct 10, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2042-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. The following packages have been upgraded to a newer upstream version: python-django. Security Fix: A CSRF flaw was found in Django, where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. In this update, the parser for ''request.COOKIES'' has been simplified to better match browser behavior and to mitigate this attack. ''request.COOKIES'' may now contain cookies that are invalid according to RFC 6265 but are possible to set using ''document.cookie''.

tags | advisory, web, arbitrary, python
systems | linux, redhat
advisories | CVE-2016-7401
MD5 | fb6bc39c8beacf7811e0910541b0173f
Red Hat Security Advisory 2016-2038-01
Posted Oct 10, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2038-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: A CSRF flaw was found in Django, where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. In this update, the parser for ''request.COOKIES'' has been simplified to better match browser behavior and to mitigate this attack. ''request.COOKIES'' may now contain cookies that are invalid according to RFC 6265 but are possible to set using ''document.cookie''.

tags | advisory, web, arbitrary, python
systems | linux, redhat
advisories | CVE-2016-7401
MD5 | b5bd49e8785f83f482f50a3e8ac1eab9
Red Hat Security Advisory 2016-1978-01
Posted Sep 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1978-01 - Twisted is an event-based framework for internet applications. Twisted Web is a complete web server, aimed at hosting web applications using Twisted and Python, but fully able to serve static pages too. Security Fix: It was discovered that python-twisted-web used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.

tags | advisory, remote, web, cgi, python
systems | linux, redhat
advisories | CVE-2016-1000111
MD5 | 51d8e2299330edaa913b00676551d000
Ubuntu Security Notice USN-3080-1
Posted Sep 15, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3080-1 - Eric Soroos discovered that the Python Imaging Library incorrectly handled certain malformed FLI or PhotoCD files. A remote attacker could use this issue to cause Python Imaging Library to crash, resulting in a denial of service. Andrew Drake discovered that the Python Imaging Library incorrectly validated input. A remote attacker could use this to cause Python Imaging Library to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, python
systems | linux, ubuntu
advisories | CVE-2014-3589
MD5 | 049f41fc88efb9a4b9f78bfc22d3729d
Red Hat Security Advisory 2016-1850-01
Posted Sep 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1850-01 - The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Security Fix: A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive.

tags | advisory, arbitrary, python
systems | linux, redhat
advisories | CVE-2015-8920, CVE-2015-8921, CVE-2015-8932, CVE-2016-4809, CVE-2016-5418, CVE-2016-5844, CVE-2016-7166
MD5 | 02e572b757677a32648780076e5e319e
Red Hat Security Advisory 2016-1844-01
Posted Sep 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1844-01 - The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Security Fix: A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive.

tags | advisory, arbitrary, python
systems | linux, redhat
advisories | CVE-2015-8916, CVE-2015-8917, CVE-2015-8919, CVE-2015-8920, CVE-2015-8921, CVE-2015-8922, CVE-2015-8923, CVE-2015-8924, CVE-2015-8925, CVE-2015-8926, CVE-2015-8928, CVE-2015-8930, CVE-2015-8931, CVE-2015-8932, CVE-2015-8934, CVE-2016-1541, CVE-2016-4300, CVE-2016-4302, CVE-2016-4809, CVE-2016-5418, CVE-2016-5844, CVE-2016-6250, CVE-2016-7166
MD5 | 10ea330f0d966c32d82a952ea7fb4c0f
Stegano 0.6.1
Posted Aug 28, 2016
Authored by Cedric Bonhomme | Site github.com

Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.

Changes: Reorganization of the steganalysis sub-module.
tags | tool, encryption, steganography, python
systems | unix
MD5 | fc1bf07c349e8e9e060d889db34699c3
Blue Team Training Toolkit (BT3) 2.0
Posted Aug 27, 2016
Authored by Juan J. Guelfo | Site encripto.no

Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.

Changes: Download command has been implemented. Search has been integrated with the BT3 API. Various other updates and improvements.
tags | tool, python
systems | unix
MD5 | 76d6d995c9cfaa51b5233170eea7ffda
Htcap Analysis Tool 1.0.1
Posted Aug 26, 2016
Authored by Filippo Cavallarin

Htcap is a web application analysis tool for detecting communications between javascript and the server. It crawls the target application and maps ajax calls, dynamically inserted scripts, websockets calls, dynamically loaded resources and some interesting elements. The generated report is meant to be a good starting point for a manual web application security audit. Htcap is written in python and uses phantomjs to load pages injecting a probe that analyzes javascript behaviour. Once injected, the probe, overrides native javascript methods in order to intercept communications and DOM changes. It also simulates user interaction by firing all attached events and by filling html inputs.

Changes: This release is focused on stability, bugfixes, and minor improvements.
tags | tool, web, javascript, sniffer, python
MD5 | a4f577e9f89d71d5f6c3d79d81ba29d4
Red Hat Security Advisory 2016-1626-01
Posted Aug 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1626-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request.

tags | advisory, remote, web, cgi, python
systems | linux, redhat
advisories | CVE-2016-0772, CVE-2016-1000110, CVE-2016-5699
MD5 | 53b0ca7b2756e948f24fbe6f5e5bc10e
Page 5 of 44
Back34567Next

File Archive:

December 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    1 Files
  • 3
    Dec 3rd
    18 Files
  • 4
    Dec 4th
    40 Files
  • 5
    Dec 5th
    16 Files
  • 6
    Dec 6th
    50 Files
  • 7
    Dec 7th
    12 Files
  • 8
    Dec 8th
    1 Files
  • 9
    Dec 9th
    1 Files
  • 10
    Dec 10th
    15 Files
  • 11
    Dec 11th
    30 Files
  • 12
    Dec 12th
    25 Files
  • 13
    Dec 13th
    15 Files
  • 14
    Dec 14th
    14 Files
  • 15
    Dec 15th
    2 Files
  • 16
    Dec 16th
    3 Files
  • 17
    Dec 17th
    15 Files
  • 18
    Dec 18th
    9 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close