
770 matches found

OSV
added 2017/11/13 5:29 p.m., 16 views

PYSEC-2017-68

The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources...

CVSS 9.8, AI score 4, EPSS 0.00519
Exploits 0, References 4

CVE
added 2017/11/13 5:0 p.m., 75 views

CVE-2017-0906

The CVE-2017-0906 SSRF flaw affects the Recurly Client Python Library prior to versions 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, and 2.6.2 in the Resource.get method. Root cause: server-side request forgery could allow an attacker to access API keys or other sensitive resources. Impact: potent...

CVSS 9.8, AI score 9.3, EPSS 0.00519
Exploits 0, References 3, Affected Software 1

Cvelist
added 2017/11/13 5:0 p.m., 12 views

CVE-2017-0906

The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources...

AI score 9.5, EPSS 0.00519
Exploits 0, References 3

Fedora
added 2017/11/06 11:34 p.m., 17 views

[SECURITY] Fedora 26 Update: modulemd-1.3.2-1.fc26

A python library for manipulation of the proposed module metadata format...

CVSS 9.8, AI score 1.8, EPSS 0.01372
Exploits 0

Veracode
added 2017/09/28 5:41 p.m., 9 views

Cross-Site Scripting (XSS)

Pypeline is vulnerable to cross-site scripting (XSS) attacks. The Python library allows the passing of JavaScript to the Markup processor...

AI score 6.5
Exploits 0

vulnersOsv
added 2017/09/25 5:29 p.m., 1 view

0x-web3 (=5.0.0a5), a2grunnerp (>=0.1.0 <=0.1.8) +4118 more potentially affected by CVE-2015-5237 via protobuf (>=2.6.0 <=3.3.0)

protobuf PYPI version =2.6.0, =0.1.0, =0.1.0, =0.1.6, =1.0.2, =0.0.1b1, =0.2.5, =0.1.0, =1.0.0, =1.0.6 - academic-emotion =0.1.2 and more Source cves: CVE-2015-5237 Source advisory: OSV:PYSEC-2017-65...

CVSS 8.8, AI score 6.7, EPSS 0.00763
Exploits 0

Kitploit
added 2017/09/06 1:55 p.m., 7 views

fses - Python Library To Scrap Url'S From Search Engines

Fucking Search Engines Scraper - python library to scrap url's from search engines Search Engines we scrap Ask Bing DuckDuck GO UOL Yahoo Install git clone https://github.com/mthbernardes/fses.git cd fses pip install -r requeriments.txt Usage Simple search using Ask from searchEngines.ask import...

AI score 7.2
Exploits 0, References 2

OSV
added 2017/08/24 4:29 p.m., 0 views

PYSEC-2017-24

In PyJWT 1.5.0 and below the `invalid_strings` check in `HMACAlgorithm.prepare_key` does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string `-----BEGIN RSA PUBLIC KEY-----` which is not accounted for. This enable...

CVSS 7.5, AI score 5.9, EPSS 0.00193
Exploits 0, References 3

PyPA
added 2017/01/10 3:59 p.m., 4 views

PYSEC-2017-93

An HTTP/2 implementation built using any version of the Python priority library prior to version 1.2.0 could be targeted by a malicious peer by having that peer assign priority information for every possible HTTP/2 stream ID. The priority tree would happily continue to store the priority informati...

CVSS 7.5, AI score 6.6, EPSS 0.00476
Exploits 0, References 2, Affected Software 1

CNVD
added 2016/12/30 12:0 a.m., 1 view

html5lib cross-site scripting vulnerability

html5lib is a Python library for parsing HTML. A cross-site scripting vulnerability exists in html5lib, which stems from the program's failure to adequately filter user-submitted input. The vulnerability can be exploited to execute arbitrary script code in a user's browser to steal cookie-based...

CVSS 6.1, AI score 6.5, EPSS 0.00463
Exploits 0, References 1

CNVD
added 2016/12/30 12:0 a.m., 1 view

html5lib cross-site scripting vulnerability (CNVD-2017-00053)

html5lib is a Python library for parsing HTML. A cross-site scripting vulnerability exists in html5lib, which stems from the program's failure to adequately filter user-submitted input. The vulnerability can be exploited to execute arbitrary script code in a user's browser to steal cookie-based...

CVSS 6.1, AI score 6.9, EPSS 0.00494
Exploits 0, References 1

OSV
added 2016/09/02 2:59 p.m., 1 view

DEBIAN-CVE-2016-0772

The smtplib library in CPython aka Python before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block...

CVSS 6.5, AI score 9.2, EPSS 0.07644
Exploits 3, References 1

RedHat Linux
added 2016/08/18 8:26 p.m., 1 view

python: smtplib StartTLS stripping attack

It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTP.starttls function. A man in the middle attacker could strip out the STARTTLS command without generating an exception on the Python SMTP client application, preventing the...

CVSS 6.5, AI score 7.2, EPSS 0.07644
Exploits 3, References 4

RedHat Linux
added 2016/08/18 8:25 p.m., 2 views

python: http protocol stream injection attack

It was found that Python's httplib library, used by urllib, urllib2 and others, did not properly check HTTPConnection.putheader function arguments. An attacker could use this flaw to inject additional headers in a Python application that allowed user-provided header names or values...

CVSS 6.1, AI score 7.3, EPSS 0.41714
Exploits 3, References 4

RedHat Linux
added 2016/08/18 5:57 p.m., 1 view

python: smtplib StartTLS stripping attack

It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTP.starttls function. A man in the middle attacker could strip out the STARTTLS command without generating an exception on the Python SMTP client application, preventing the...

CVSS 6.5, AI score 7.2, EPSS 0.07644
Exploits 3, References 4

Fedora
added 2016/03/31 8:34 p.m., 13 views

[SECURITY] Fedora 24 Update: python-rsa-3.4.1-1.fc24

Python-RSA is a pure-Python RSA implementation. It supports encryption and decryption, signing and verifying signatures, and key generation according to PKCS#1 version 1.5. It can be used as a Python library as well as on the command-line...

AI score 3.2
Exploits 0

Kitploit
added 2015/08/25 9:12 p.m., 42 views

SQLChop - SQL Injection Detection Engine

SQLChop is a novel SQL injection detection engine built on top of SQL tokenizing and syntax analysis. Web input (URLPath, body, cookie, etc.) will first be decoded to the raw payloads that the web app accepts, then syntactical analysis will be performed on the payload to classify the result. The algorithm behi...

AI score 8.3
Exploits 0, References 2

RedHat Linux
added 2015/06/04 8:27 a.m., 1 view

python: XMLRPC library unrestricted decompression of HTTP responses using gzip encoding

It was discovered that the Python xmlrpclib did not restrict the size of gzip-compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory...

CVSS 7.5, AI score 7.3, EPSS 0.00371
Exploits 0, References 4

GithubExploit
added 2015/04/15 2:4 p.m., 3 views

impacket

Impacket ======== !Latest Versionhttps://img.shields.io/pyp...

AI score 7.5
Exploits 0

Fedora
added 2015/01/03 7:8 p.m., 16 views

[SECURITY] Fedora 20 Update: pyxdg-0.25-5.fc20

PyXDG is a python library to access freedesktop.org standards...

CVSS 3.3, AI score 2.7, EPSS 0.00046
Exploits 0