471 matches found

NVD
added 2019/10/23 5:15 p.m. | 27 views

CVE-2019-18348

An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the host component of a URL follow...

6.1 CVSS | 6.2 AI score | 0.02672 EPSS
Exploits 0 | References 13

Debian CVE
added 2019/10/23 4:31 p.m. | 58 views

CVE-2019-18348

An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the host component of a URL follow...

6.1 CVSS | 7.8 AI score | 0.02672 EPSS
Exploits 0

OSV
added 2019/10/23 4:31 p.m. | 36 views

PSF-2019-7 CVE-2019-18348: CRLF injection via the host part of the url passed to urlopen()

An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the host component of a URL follow...

6.1 CVSS | 6.6 AI score | 0.02672 EPSS
Exploits 0 | References 1

AlpineLinux
added 2019/10/23 4:31 p.m. | 63 views

CVE-2019-18348

An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the host component of a URL follow...

6.1 CVSS | 6.7 AI score | 0.02672 EPSS
Exploits 0

OSV
added 2019/10/18 2:21 p.m. | 5 views

SUSE-RU-2019:2715-1 Recommended update for xen

This update for xen to version 4.12.1 fixes the following issues: - Fixed an issue which made Xen crash on AMD ROME based machines bsc1135799. - Xenpvnetboot is now ported correctly to Python 3 bsc1138563. - Added code to change LIBXLHOTPLUGTIMEOUT at runtime bsc1120095. The included README has...

5.9 CVSS | 6.3 AI score | 0.01697 EPSS
Exploits 0 | References 19

Kitploit
added 2019/10/18 12:30 p.m. | 168 views

XMLRPC Bruteforcer - An XMLRPC Brute Forcer Targeting Wordpress

An XMLRPC brute forcer targeting Wordpress written in Python 3. In the context of xmlrpc brute forcing, it's faster than Hydra and WpScan. It can brute force 1000 passwords per second. Usage python3 xmlrcpbruteforce.py http://wordpress.org/xmlrpc.php passwords.txt username python3...

7.2 AI score
Exploits 0 | References 1

0day.today
added 2019/09/30 12:0 a.m. | 111 views

phpIPAM 1.4 - SQL Injection Vulnerability

Exploit for php platform in category web applications !/usr/bin/env python3 Exploit Title: phpIPAM Custom Field Filter SQL Injection Exploit Announcement Date: September 16, 2019 5:18 AM Exploit Creation Date: September 27, 2019 Exploit Author: Kevin Kirsche Vendor Homepage: https://phpipam.net...

7.5 CVSS | 0.1 AI score | 0.16281 EPSS
Exploits 6

GithubExploit
added 2019/09/16 12:14 p.m. | 7 views

Exploit for Improper Authentication in Phpmyadmin

CVE-2018-12613 Modified standalone exploit ported to Python 3...

8.8 CVSS | 7.5 AI score | 0.94262 EPSS
Exploits 20

OSV
added 2019/09/06 5:24 p.m. | 33 views

PSF-2019-5 email.utils.parseaddr mistakenly parse an email

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To header...

7.5 CVSS | 6.8 AI score | 0.00894 EPSS
Exploits 0 | References 3

Kitploit
added 2019/08/19 9:30 p.m. | 118 views

Truegaze - Static Analysis Tool For Android/iOS Apps Focusing On Security Issues Outside The Source Code

A static analysis tool for Android and iOS applications focusing on security issues outside the source code such as resource strings, third party libraries and configuration files. Requirements Python 3 is required and you can find all required modules in the requirements.txt file. Only tested on...

7.4 AI score
Exploits 0 | References 1

Kitploit
added 2019/08/15 10:7 p.m. | 115 views

Airflowscan - Checklist And Tools For Increasing Security Of Apache Airflow

Checklist and tools for increasing security of Apache Airflow. DISCLAIMER This project NOT AFFILIATED with the Apache Foundation and the Airflow project, and is not endorsed by them. Contents The purpose of this project is to provide tools to increase security of Apache Airflow installations. This...

7.4 AI score
Exploits 0 | References 4

HackRead
added 2019/08/08 5:15 p.m. | 51 views

Meet AttackSurfaceMapper; new automated penetration testing tool

By Sudais AttackSurfaceMapper penetration testing tool has been developed in Python 3.x, is compatible with all major operating systems. This is a post from HackRead.com Read the original post: Meet AttackSurfaceMapper; new automated penetration testing tool...

2.7 AI score
Exploits 0

pentestit
added 2019/08/08 5:7 a.m. | 80 views

UPDATE: SILENTTRINITY v0.3.0

PenTestIT RSS Feed Just yesterday, I wrote about this open source post-exploitation C2 framework and a new release is already available. The post was titled - List of Open Source C2 Post-Exploitation Frameworks. We now have SILENTTRINITY v0.3.0 amongst us, which was in the works for a long time!...

1.7 AI score
Exploits 0

Kitploit
added 2019/08/05 12:45 p.m. | 121 views

AutoRecon - Multi-Threaded Network Reconnaissance Tool Which Performs Automated Enumeration Of Services

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services. It is intended as a time-saving tool for use in CTFs and other penetration testing environments e.g. OSCP. It may also be useful in real-world engagements. The tool works by firstly...

7.5 AI score
Exploits 0 | References 6

Fedora
added 2019/08/05 1:41 a.m. | 44 views

[SECURITY] Fedora 29 Update: python3-docs-3.7.4-1.fc29

The python3-docs package contains documentation on the Python 3 programming language and interpreter. Install the python3-docs package if you'd like to use the documentation for the Python 3 language...

9.8 CVSS | 2.3 AI score | 0.08764 EPSS
Exploits 1

OpenVAS
added 2019/08/05 12:0 a.m. | 40 views

Fedora Update for python3-docs FEDORA-2019-60a1defcd1

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.1 CVSS | 8.8 AI score | 0.00918 EPSS
Exploits 1 | References 2

OpenVAS
added 2019/07/29 12:0 a.m. | 54 views

Fedora Update for python3-docs FEDORA-2019-9bfb4a3e4b

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.1 CVSS | 8.7 AI score | 0.00918 EPSS
Exploits 1 | References 2

Tenable Nessus
added 2019/07/26 12:0 a.m. | 41 views

Amazon Linux AMI : python34 (ALAS-2019-1242)

An issue was discovered in urllib2 in Python 2.x and urllib in Python 3.x. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the query string after a ? character followed by an HTTP header...

6.1 CVSS | 7.3 AI score | 0.0991 EPSS
Exploits 2 | References 3

Tenable Nessus
added 2019/07/24 12:0 a.m. | 71 views

Amazon Linux 2 : python3 (ALAS-2019-1247)

An issue was discovered in urllib2 in Python 2.x and urllib in Python 3.x. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that lacks a ? character followed b...

6.1 CVSS | 7.3 AI score | 0.0991 EPSS
Exploits 2 | References 3

Kitploit
added 2019/07/20 9:49 p.m. | 261 views

Git-Hound - Find Exposed Keys Across GitHub Using Code Search Keywords

A pattern-matching, batch-catching secret snatcher. This project is intended to be used for educational purposes. Git Hound makes it easy to find exposed API keys on GitHub using pattern matching, targeted querying, and a scoring system. Usage echo "tillsongalloway.com" | python git-hound.py or...

7.3 AI score
Exploits 0 | References 2