18 matches found
CVE-2026-42312
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the setconfigvalue API method @permissionPerms.SETTINGS in src/pyload/core/api/init.py gates security-sensitive options behind a hand-maintained allowlist ADMINONLYCOREOPTIONS. The option "general",...
Tornado has a CRLF injection in CurlAsyncHTTPClient headers
Summary: Tornado’s curl_httpclient.CurlAsyncHTTPClient class is vulnerable to CRLF (carriage return/line feed) injection in the request headers. Details: When an HTTP request is sent using CurlAsyncHTTPClient, Tornado does not reject carriage return (\r) or line feed (\n) characters in the request headers...
new packages: python-pycurl
An update is available for python-pycurl. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
ALBA-2020:1745 python-pycurl bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
python-pycurl bug fix and enhancement update
An update is available for python-pycurl. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
python-pycurl bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
Denial Of Service (DoS)
pycurl is vulnerable to denial of service (DoS). The vulnerability exists through a use-after-free weakness in HTTPPOST when using FORMBUFFERPTR, allowing an attacker to crash the application via a malicious unicode string...
Bruteforcing Web Applications: Wfuzz
Wfuzz is a tool designed for bruteforcing Web Applications. It can be used for finding resources that are not linked (directories, servlets, scripts, etc.), bruteforcing GET and POST parameters to check for different kinds of injections (SQL, XSS, LDAP, etc.), bruteforcing form parameters (User/Password), fuzzing, etc...
Fedora 22 : python-pycurl-7.19.5.1-3.fc22 (2015-0de8163795)
python-pycurl-7.19.5.1-4.fc23 - fix a use after free issue with unicode FORMBUFFERPTR 1277488 python-pycurl-7.19.5.1-3.fc22 - fix a use after free issue with unicode FORMBUFFERPTR 1277488 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...
Fedora 23 : python-pycurl-7.19.5.1-4.fc23 (2015-a26f0b0daf)
python-pycurl-7.19.5.1-4.fc23 - fix a use after free issue with unicode FORMBUFFERPTR 1277488 python-pycurl-7.19.5.1-3.fc22 - fix a use after free issue with unicode FORMBUFFERPTR 1277488 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...
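PycURL Remote Code Execution Vulnerability
Brief description: When uploading a file with pycurl, if the file content is of unicode type, a Use After Free vulnerability occurs. Detailed description: File name: pycurl\src\easy.c If the FORMBUFFERPTR content passed to setopt is Unicode, for example curl.setoptpycurl.HTTPPOST, 'field2', pycurl.FORMBUFFER, 'uploaded.file', pycurl.FORMBUFFERPTR, u'test', then the following flow is entered: the code at line 1571 first converts the unicode to str; ostr and olen are the string pointer and the length of that str, respectively...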
PycURL Remote Code Execution Vulnerability
PycURL is a Python module, similar to urllib, for fetching objects from Python programs via a URL. A remote code execution vulnerability exists in PycURL. An attacker could use the vulnerability to execute arbitrary code in the context of an affected application, which could also result in a denial of servi...
Fedora Update for python-pycurl FEDORA-2015-0
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
UFONet Open Redirect DDoS Attack
UFONet is a tool designed to launch DDoS attacks against a target, using ‘Open Redirect’ vectors on third-party web applications, like a botnet. See these links for more info: CWE-601: Open Redirect; OWASP: URL Redirector Abuse. Installing UFONet: UFONet runs on many platforms. It requires Python 2.x.y...
Dexter (CasinoLoader) Panel - SQL Injection
No description provided by source. Exploit Title: Dexter CasinoLoader Panel SQLi Date: Feb, 13, 2014 Exploit Author: Brian Wallace @botnethunter Version: CasinoLoader Tested on: Windows 7, Ubuntu, Debian import pycurl import urllib import cStringIO import base64 import argparse import sys import...
Dexter CasinoLoader SQL Injection
Exploit Title: Dexter CasinoLoader Panel SQLi Date: Feb, 13, 2014 Exploit Author: Brian Wallace @botnethunter Version: CasinoLoader Tested on: Windows 7, Ubuntu, Debian import pycurl import urllib import cStringIO import base64 import argparse import sys import string import pygeoip version =...
Bitbot C2 Panel gate2.php - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Bitbot C2 Panel gate2.php SQLi + XSS Date: 08/19/2013 Exploit Author: Brian Wallace bwall aka @botnethunter Software Link: https://sourceforge.net/p/flippingbitbot/wiki/Home/ Vulnerable Virtual Machine including Bitbot Tested on...
Bitbot (C2 Web Panel) - gate2.php Multiple Vulnerabilities
Bitbot C2 Web Panel - gate2.php Multiple Vulnerabilities Exploit Title: Bitbot C2 Panel gate2.php SQLi + XSS Date: 08/19/2013 Exploit Author: Brian Wallace bwall aka @botnethunter Software Link: https://sourceforge.net/p/flippingbitbot/wiki/Home/ Vulnerable Virtual Machine including Bitbot Tested...