798 matches found
CVE-2018-6461
March Hare WINCVS before 2.8.01 build 6610, and CVS Suite before 2009R2 build 6610, contains an Insecure Library Loading vulnerability in the wincvs2.exe or wincvs.exe file, which may allow local users to gain privileges via a Trojan horse Python or TCL DLL file in the current working directory...
Design/Logic Flaw
An issue was discovered in markdown2 aka python-markdown2 through 2.3.5. The safemode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, XSS can be triggered, as demonstrated by omitting the final '' character...
[SECURITY] Fedora 25 Update: rpkg-1.51-2.fc25
Python library for interacting with rpm+git...
[SECURITY] Fedora 26 Update: rpkg-1.51-2.fc26
Python library for interacting with rpm+git...
[SECURITY] Fedora 27 Update: rpkg-1.51-2.fc27
Python library for interacting with rpm+git...
CVE-2017-0906
The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources...
PYSEC-2017-68
The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources...
CVE-2017-0906
The CVE-2017-0906 SSRF flaw affects the Recurly Client Python Library prior to versions 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, and 2.6.2 in the Resource.get method. Root cause: server-side request forgery could allow an attacker to access API keys or other sensitive resources. Impact: potent...
[SECURITY] Fedora 26 Update: modulemd-1.3.2-1.fc26
A python library for manipulation of the proposed module metadata format...
Cross-Site Scripting (XSS)
Pypeline is vulnerable to cross-site scripting (XSS) attacks. The Python library allows the passing of JavaScript to the Markup processor...
0x-web3 (=5.0.0a5), a2grunnerp (>=0.1.0 <=0.1.8) +4110 more potentially affected by CVE-2015-5237 via protobuf (>=2.6.0 <=3.3.0)
protobuf PYPI version =2.6.0, =0.1.0, =0.1.0, =0.1.6, =1.0.2, =0.0.1b1, =0.2.5, =0.1.0, =1.0.0, =1.0.6 - academic-emotion =0.1.2 and more Source cves: CVE-2015-5237 Source advisory: OSV:PYSEC-2017-65...
fses - Python Library To Scrap Url'S From Search Engines
Fucking Search Engines Scraper - python library to scrap url's from search engines Search Engines we scrap Ask Bing DuckDuck GO UOL Yahoo Install git clone https://github.com/mthbernardes/fses.git cd fses pip install -r requeriments.txt Usage Simple search using Ask from searchEngines.ask import...
PYSEC-2017-24
In PyJWT 1.5.0 and below the invalid_strings check in HMACAlgorithm.prepare_key does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string -----BEGIN RSA PUBLIC KEY----- which is not accounted for. This enable...
PYSEC-2017-93
A HTTP/2 implementation built using any version of the Python priority library prior to version 1.2.0 could be targeted by a malicious peer by having that peer assign priority information for every possible HTTP/2 stream ID. The priority tree would happily continue to store the priority informati...
html5lib cross-site scripting vulnerability
html5lib is a Python library for parsing HTML. A cross-site scripting vulnerability exists in html5lib, which stems from the program's failure to adequately filter user-submitted input. The vulnerability can be exploited to execute arbitrary script code in a user's browser to steal cookie-based...
html5lib cross-site scripting vulnerability (CNVD-2017-00053)
html5lib is a Python library for parsing HTML. A cross-site scripting vulnerability exists in html5lib, which stems from the program's failure to adequately filter user-submitted input. The vulnerability can be exploited to execute arbitrary script code in a user's browser to steal cookie-based...
DEBIAN-CVE-2016-0772
The smtplib library in CPython aka Python before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block...
python: smtplib StartTLS stripping attack
It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTP.starttls function. A man in the middle attacker could strip out the STARTTLS command without generating an exception on the Python SMTP client application, preventing the...