
22 matches found

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2019-19301

Malware in sbrugna...

CVSS 6.1 | AI score 7.5 | EPSS 0.01161
Exploits 1 | References 31

Ubuntu
added 2023/03/13 3:8 p.m. | 64 views

USN-5948-1: Werkzeug vulnerabilities

It was discovered that Werkzeug did not properly handle the parsing of nameless cookies. A remote attacker could possibly use this issue to shadow other cookies. CVE-2023-23934 It was discovered that Werkzeug could be made to process unlimited number of multipart form data parts. A remote attacke...

CVSS 7.5 | AI score 6.6 | EPSS 0.00366
Exploits 0

F5 Networks
added 2023/02/21 7:58 p.m. | 69 views

K28622040: Python vulnerability CVE-2019-9948

Security Advisory Description urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. CVE-2019-9948 Impac...

CVSS 9.1 | AI score 7.7 | EPSS 0.00918
Exploits 1 | Affected Software 3

Tenable Nessus
added 2020/08/31 12:0 a.m. | 29 views

Amazon Linux AMI : python34, python35 (ALAS-2020-1429)

The version of python34 installed on the remote host is prior to 3.4.10-1.51. The version of python35 installed on the remote host is prior to 3.5.9-1.27. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1429 advisory. In Lib/tarfile.py in Python through 3.8.3...

CVSS 7.5 | AI score 7.2 | EPSS 0.0991
Exploits 1 | References 5

OpenVAS
added 2020/06/16 12:0 a.m. | 31 views

Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2020-1643)

The remote host is missing an update for the Huawei EulerOS...

CVSS 6.1 | AI score 8.5 | EPSS 0.0991
Exploits 2 | References 2

Tenable Nessus
added 2019/12/18 12:0 a.m. | 68 views

EulerOS 2.0 SP3 : python (EulerOS-SA-2019-2653)

According to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly pars...

CVSS 7.5 | AI score 7.4 | EPSS 0.0991
Exploits 4 | References 6

NVD
added 2019/10/23 5:15 p.m. | 27 views

CVE-2019-18348

An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the host component of a URL follow...

CVSS 6.1 | AI score 6.2 | EPSS 0.02672
Exploits 0 | References 13

Debian CVE
added 2019/10/23 4:31 p.m. | 58 views

CVE-2019-18348

An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the host component of a URL follow...

CVSS 6.1 | AI score 7.8 | EPSS 0.02672
Exploits 0

OSV
added 2019/10/23 4:31 p.m. | 36 views

PSF-2019-7 CVE-2019-18348: CRLF injection via the host part of the url passed to urlopen()

An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the host component of a URL follow...

CVSS 6.1 | AI score 6.6 | EPSS 0.02672
Exploits 0 | References 1

OSV
added 2019/09/06 5:24 p.m. | 33 views

PSF-2019-5 email.utils.parseaddr mistakenly parse an email

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To header...

CVSS 7.5 | AI score 6.8 | EPSS 0.00894
Exploits 0 | References 3

Tenable Nessus
added 2019/08/13 12:0 a.m. | 44 views

Amazon Linux AMI : python27 (ALAS-2019-1258)

A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies,...

CVSS 9.8 | AI score 7 | EPSS 0.08764
Exploits 1 | References 3

Tenable Nessus
added 2019/07/24 12:0 a.m. | 71 views

Amazon Linux 2 : python3 (ALAS-2019-1247)

An issue was discovered in urllib2 in Python 2.x and urllib in Python 3.x. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that lacks a ? character followed b...

CVSS 6.1 | AI score 7.3 | EPSS 0.0991
Exploits 2 | References 3

OSV
added 2019/03/23 6:29 p.m. | 30 views

CVE-2019-9947

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that...

CVSS 6.1 | AI score 6.3
Exploits 0 | References 21

OSV
added 2019/03/23 5:7 p.m. | 23 views

PSF-2019-12 urllib module local_file:// scheme

urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call...

CVSS 9.1 | AI score 8.7 | EPSS 0.00918
Exploits 1 | References 1

Cvelist
added 2019/03/23 5:7 p.m. | 37 views

CVE-2019-9948

urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call...

AI score 9.6 | EPSS 0.00918
Exploits 1 | References 22

Cvelist
added 2019/03/23 5:6 p.m. | 34 views

CVE-2019-9947

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that...

AI score 7.9 | EPSS 0.01161
Exploits 1 | References 21

Kitploit
added 2018/12/13 11:37 a.m. | 42 views

Celerystalk - An Asynchronous Enumeration and Vulnerability Scanner

celerystalk helps you automate your network scanning/enumeration process with asynchronous jobs aka tasks while retaining full control of which tools you want to run. Configurable - Some common tools are in the default config, but you can add any tool you want Service Aware - Uses nmap/nessus...

AI score 7.2
Exploits 0 | References 6

Kitploit
added 2018/05/11 12:3 p.m. | 77 views

ShellPop - Pop Shells Like A Master

Pop shells like a master Shell pop is all about popping shells. With this tool you can generate easy and sophisticated reverse or bind shell commands to help you during penetration tests. Don't waste more time with .txt files storing your Reverse shells! Installation Python 2.x is required. 3.0+...

AI score 7.4
Exploits 0 | References 1

Packet Storm
added 2017/01/23 12:0 a.m. | 33 views

Python 2.x Buffer Overflow

!/usr/bin/env python Exploit : Python 2.x Buffer Overflow POC Tested on : Windows XP , Windows 7 Authors : Sultan Albalawi & Chaitanya @bofheaded Discovery date : 21/jan/2017 GitHub : https://github.com/ChaitanyaHaritash/My-Exploits/blob/master/python2.xbof.py Video : https://youtu.be/hcc6Y55PWBg...

AI score 0.6
Exploits 0

Kitploit
added 2015/11/21 6:33 p.m. | 21 views

Hsecscan - A Security Scanner For HTTP Response Headers

hsecscan A security scanner for HTTP response headers. Requirements Python 2.x Usage $ ./hsecscan.py usage: hsecscan.py -h -P -p -u URL -R -U User-Agent -d 'POST data' -x PROXY A security scanner for HTTP response headers. optional arguments: -h, --help show this help message and exit -P,...

AI score 5.9
Exploits 0 | References 1