AlmaLinux 8 : python3 (ALSA-2021:4399)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:4399 advisory. - There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server coul...

[SECURITY] Fedora 34 Update: python2.7-2.7.18-20.fc34

Python 2 is an old version of the language that is incompatible with the 3.x line of releases. The language is mostly the same, but many details, especial ly how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been...

Autotimeliner - Automagically Extract Forensic Timeline From Volatile Memory Dump

Automagically extract forensic timeline from volatile memory dumps. Requirements Python 3 Volatility mactime from SleuthKit Developed and tested on Debian 9.6 with Volatility 2.6-1 and sleuthkit 4.4.0-5 How it works AutoTimeline automates this workflow: Identify correct volatility profile for the...

Debian DLA-2919-1 : python2.7 - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2919 advisory. - Python 3.x through 3.9.1 has a buffer overflow in PyCArgrepr in ctypes/callproc.c, which may lead to remote code execution in certain Python applications that...

AlmaLinux 8 : python3 (ALSA-2021:1633)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:1633 advisory. - http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls...

IDACode - An Integration For IDA And VS Code Which Connects Both To Easily Execute And Debug IDAPython Scripts

IDACode makes it easy to execute and debug Python scripts in your IDA environment without leaving Visual Studio Code. The VS Code extension can be found on the marketplace. IDACode is still in a very early state and bugs are to be expected. Please open a new issue if you encounter any issues...

Mageia: Security Advisory (MGASA-2021-0193)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Log4J-Detect - Script To Detect The "Log4j" Java Library Vulnerability (CVE-2021-44228) For A List Of URLs With Multithreading

Simple Python 3 script to detect the "Log4j" Java library vulnerability CVE-2021-44228 for a list of URL with multithreading The script "log4j-detect.py" developed in Python 3 is responsible for detecting whether a list of URLs are vulnerable to CVE-2021-44228. To do so, it sends a GET request...

Exploit for SQL Injection in Cmsmadesimple Cms_Made_Simple

CVE-2019-9053 CVE-2019-9053 Exploit for Python 3 Last tested...

SUSE SLES15 Security Update : python3 (SUSE-SU-2021:4015-2)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:4015-2 advisory. - There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent...

Exploit for Unrestricted Upload of File with Dangerous Type in Apache Tomcat

CVE-2017-12617 CVE-2017-12617 is a critical vulnerability lea...

Oracle Linux 8 : python27:2.7 (ELSA-2021-4151)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-4151 advisory. - In Python 3 through 3.9.0, the Lib/test/multibytecodecsupport.py CJK codec tests call eval on content retrieved via HTTP. CVE-2020-27619 - The packag...

Toutatis - A Tool That Allows You To Extract Information From Instagrams Accounts Such As E-Mails, Phone Numbers And More

Toutatis is a tool that allows you to extract information from instagrams accounts such as e-mails, phone numbers and more Prerequisite Python 3 ️ Installation With PyPI pip install toutatis With Github git clone https://github.com/megadose/toutatis.git cd toutatis/ python3 setup.py install ...

FakeDataGen - Full Valid Fake Data Generator

FakeDataGen is a Full Valid Fake Data Generator. This tool helps you to create fake accounts in Spanish format with fully valid data. Within this information, you can find the most common names, emails, bank details and other useful information. Requirements Python 3 Install requirements.txt...

Authentication flaw

Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. T...

CVE-2021-41281

Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. T...

CVE-2021-41281 Path traversal in Matrix Synapse

Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. T...

CVE-2021-41281

CVE-2021-41281 affects Synapse (Matrix homeserver) versions before 1.47.1 with the media repository enabled. A path traversal vulnerability lets an attacker cause a remote file to be downloaded into an arbitrary directory without authentication; the impact is mitigated by the last two path compon...

CVE-2021-41281

Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. T...

Koppeling - Adaptive DLL Hijacking / Dynamic Export Forwarding

This project is a demonstration of advanced DLL hijack techniques. It was released in conjunction with the "Adaptive DLL Hijacking" blog post. I recommend you start there to contextualize this code. This project is comprised of the following elements: Harness.exe: The "victim" application which i...