CVE-2022-32151

The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority CA certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python 3 client libraries...

Debian DSA-5138-1 : waitress - security update

The remote Debian 10 / 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5138 advisory. It was discovered that the Waitress WSGI server was susceptible to HTTP request smuggling in some scenarios when used behind a proxy. For the oldstable distribution...

AlmaLinux 8 : python3 (ALSA-2022:1986)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:1986 advisory. - A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP...

Zircolite - A Standalone SIGMA-based Detection Tool For EVTX, Auditd And Sysmon For Linux Logs

Standalone SIGMA-based detection tool for EVTX, Auditd, Sysmon for linux or JSONL/NDJSON Logs Zircolite is a standalone tool written in Python 3. It allows to use SIGMA rules on MS Windows EVTX EVTX and JSONL format, Auditd logs and Sysmon for Linux logs Zircolite can be used directly on the...

Code injection

Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate the incoming HTTP request matches the RFC7230 standard, Waitress and the frontend proxy may disagree on where one request starts and...

CVE-2022-24761

Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate the incoming HTTP request matches the RFC7230 standard, Waitress and the frontend proxy may disagree on where one request starts and...

CVE-2022-24761 HTTP Request Smuggling in waitress

Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate the incoming HTTP request matches the RFC7230 standard, Waitress and the frontend proxy may disagree on where one request starts and...

AlmaLinux 8 : python3 (ALSA-2021:4399)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:4399 advisory. - There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server coul...

Autotimeliner - Automagically Extract Forensic Timeline From Volatile Memory Dump

Automagically extract forensic timeline from volatile memory dumps. Requirements Python 3 Volatility mactime from SleuthKit Developed and tested on Debian 9.6 with Volatility 2.6-1 and sleuthkit 4.4.0-5 How it works AutoTimeline automates this workflow: Identify correct volatility profile for the...

IDACode - An Integration For IDA And VS Code Which Connects Both To Easily Execute And Debug IDAPython Scripts

IDACode makes it easy to execute and debug Python scripts in your IDA environment without leaving Visual Studio Code. The VS Code extension can be found on the marketplace. IDACode is still in a very early state and bugs are to be expected. Please open a new issue if you encounter any issues...

Mageia: Security Advisory (MGASA-2021-0193)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Log4J-Detect - Script To Detect The "Log4j" Java Library Vulnerability (CVE-2021-44228) For A List Of URLs With Multithreading

Simple Python 3 script to detect the "Log4j" Java library vulnerability CVE-2021-44228 for a list of URL with multithreading The script "log4j-detect.py" developed in Python 3 is responsible for detecting whether a list of URLs are vulnerable to CVE-2021-44228. To do so, it sends a GET request...

Exploit for SQL Injection in Cmsmadesimple Cms_Made_Simple

CVE-2019-9053 CVE-2019-9053 Exploit for Python 3 Last tested...

SUSE SLES15 Security Update : python3 (SUSE-SU-2021:4015-2)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:4015-2 advisory. - There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent...

Oracle Linux 8 : python27:2.7 (ELSA-2021-4151)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-4151 advisory. - In Python 3 through 3.9.0, the Lib/test/multibytecodecsupport.py CJK codec tests call eval on content retrieved via HTTP. CVE-2020-27619 - The packag...

Toutatis - A Tool That Allows You To Extract Information From Instagrams Accounts Such As E-Mails, Phone Numbers And More

Toutatis is a tool that allows you to extract information from instagrams accounts such as e-mails, phone numbers and more Prerequisite Python 3 ️ Installation With PyPI pip install toutatis With Github git clone https://github.com/megadose/toutatis.git cd toutatis/ python3 setup.py install ...

FakeDataGen - Full Valid Fake Data Generator

FakeDataGen is a Full Valid Fake Data Generator. This tool helps you to create fake accounts in Spanish format with fully valid data. Within this information, you can find the most common names, emails, bank details and other useful information. Requirements Python 3 Install requirements.txt...

Authentication flaw

Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. T...

CVE-2021-41281

Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. T...

CVE-2021-41281 Path traversal in Matrix Synapse

Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. T...