807 matches found

Veracode
added 2017/09/28 5:41 p.m. | 10 views

Cross-Site Scripting (XSS)

Pypeline is vulnerable to cross-site scripting (XSS) attacks. The Python library allows the passing of JavaScript to the Markup processor...

6.5 AI score
Exploits: 0
vulnersOsv
added 2017/09/25 5:29 p.m. | 4 views

0x-web3 (=5.0.0a5), a2grunnerp (>=0.1.0 <=0.1.8) +4110 more potentially affected by CVE-2015-5237 via protobuf (>=2.6.0 <=3.3.0)

protobuf PYPI version =2.6.0, =0.1.0, =0.1.0, =0.1.6, =1.0.2, =0.0.1b1, =0.2.5, =0.1.0, =1.0.0, =1.0.6 - academic-emotion =0.1.2 and more Source cves: CVE-2015-5237 Source advisory: OSV:PYSEC-2017-65...

8.8 CVSS | 6.7 AI score | 0.05064 EPSS
Exploits: 0
Kitploit
added 2017/09/06 1:55 p.m. | 7 views

fses - Python Library To Scrap Url'S From Search Engines

Fucking Search Engines Scraper - python library to scrap url's from search engines Search Engines we scrap Ask Bing DuckDuck GO UOL Yahoo Install git clone https://github.com/mthbernardes/fses.git cd fses pip install -r requeriments.txt Usage Simple search using Ask from searchEngines.ask import...

7.2 AI score
Exploits: 0 | References: 2
OSV
added 2017/08/24 4:29 p.m. | 6 views

PYSEC-2017-24

In PyJWT 1.5.0 and below the `invalid_strings` check in `HMACAlgorithm.prepare_key` does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string `-----BEGIN RSA PUBLIC KEY-----` which is not accounted for. This enable...

7.5 CVSS | 5.9 AI score | 0.01804 EPSS
Exploits: 0 | References: 3
PyPA
added 2017/01/10 3:59 p.m. | 5 views

PYSEC-2017-93

A HTTP/2 implementation built using any version of the Python priority library prior to version 1.2.0 could be targeted by a malicious peer by having that peer assign priority information for every possible HTTP/2 stream ID. The priority tree would happily continue to store the priority informati...

7.5 CVSS | 6.6 AI score | 0.01792 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
CNVD
added 2016/12/30 12:0 a.m. | 1 views

html5lib cross-site scripting vulnerability

html5lib is a Python library for parsing HTML. A cross-site scripting vulnerability exists in html5lib, which stems from the program's failure to adequately filter user-submitted input. The vulnerability can be exploited to execute arbitrary script code in a user's browser to steal cookie-based...

6.1 CVSS | 6.5 AI score | 0.02141 EPSS
Exploits: 0 | References: 1
CNVD
added 2016/12/30 12:0 a.m. | 1 views

html5lib cross-site scripting vulnerability (CNVD-2017-00053)

html5lib is a Python library for parsing HTML. A cross-site scripting vulnerability exists in html5lib, which stems from the program's failure to adequately filter user-submitted input. The vulnerability can be exploited to execute arbitrary script code in a user's browser to steal cookie-based...

6.1 CVSS | 6.9 AI score | 0.02141 EPSS
Exploits: 0 | References: 1
OSV
added 2016/09/02 2:59 p.m. | 1 views

DEBIAN-CVE-2016-0772

The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block...

6.5 CVSS | 9.2 AI score | 0.14524 EPSS
Exploits: 3 | References: 1
RedHat Linux
added 2016/08/18 8:26 p.m. | 5 views

python: smtplib StartTLS stripping attack

It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTP.starttls function. A man in the middle attacker could strip out the STARTTLS command without generating an exception on the Python SMTP client application, preventing the...

6.5 CVSS | 7.2 AI score | 0.14524 EPSS
Exploits: 3 | References: 4
RedHat Linux
added 2016/08/18 8:25 p.m. | 5 views

python: http protocol stream injection attack

It was found that Python's httplib library, used by urllib, urllib2 and others, did not properly check HTTPConnection.putheader function arguments. An attacker could use this flaw to inject additional headers in a Python application that allowed user-provided header names or values...

6.1 CVSS | 7.3 AI score | 0.09887 EPSS
Exploits: 3 | References: 4
RedHat Linux
added 2016/08/18 5:57 p.m. | 4 views

python: smtplib StartTLS stripping attack

It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTP.starttls function. A man in the middle attacker could strip out the STARTTLS command without generating an exception on the Python SMTP client application, preventing the...

6.5 CVSS | 7.2 AI score | 0.14524 EPSS
Exploits: 3 | References: 4
Fedora
added 2016/03/31 8:34 p.m. | 14 views

[SECURITY] Fedora 24 Update: python-rsa-3.4.1-1.fc24

Python-RSA is a pure-Python RSA implementation. It supports encryption and decryption, signing and verifying signatures, and key generation according to PKCS1 version 1.5. It can be used as a Python library as well as on the command-line...

3.2 AI score
Exploits: 0
Kitploit
added 2015/08/25 9:12 p.m. | 44 views

SQLChop - SQL Injection Detection Engine

SQLChop is a novel SQL injection detection engine built on top of SQL tokenizing and syntax analysis. Web input (URLPath, body, cookie, etc.) will be first decoded to the raw payloads that web app accepts, then syntactical analysis will be performed on payload to classify result. The algorithm behi...

8.3 AI score
Exploits: 0 | References: 2
RedHat Linux
added 2015/06/04 8:27 a.m. | 2 views

python: XMLRPC library unrestricted decompression of HTTP responses using gzip encoding

It was discovered that the Python xmlrpclib did not restrict the size of gzip-compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory...

7.5 CVSS | 7.3 AI score | 0.03913 EPSS
Exploits: 0 | References: 4
BDU FSTEC
added 2015/04/28 12:0 a.m. | 4 views

The vulnerability of the CentOS operating system, which allows a malicious attacker to compromise the accessibility of protected information

The vulnerability of the libxml2-python-2.9.1 package on the CentOS operating system can lead to a violation of the accessibility of protected information. This vulnerability can be exploited remotely...

5 CVSS | 6.7 AI score | 0.04021 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
GithubExploit
added 2015/04/15 2:4 p.m. | 3 views

impacket

7.5 AI score
Exploits: 0
Fedora
added 2015/01/03 7:8 p.m. | 20 views

[SECURITY] Fedora 20 Update: pyxdg-0.25-5.fc20

PyXDG is a python library to access freedesktop.org standards...

3.3 CVSS | 2.7 AI score | 0.00315 EPSS
Exploits: 0
Fedora
added 2014/12/25 5:35 a.m. | 42 views

[SECURITY] Fedora 19 Update: pyxdg-0.25-5.fc19

PyXDG is a python library to access freedesktop.org standards...

3.3 CVSS | 2.7 AI score | 0.00315 EPSS
Exploits: 0
Tenable Nessus
added 2014/12/12 12:0 a.m. | 94 views

ESXi 5.1 < Build 2323236 Third-Party Libraries Multiple Vulnerabilities (remote check) (BEAST)

The remote VMware ESXi host is version 5.1 prior to build 2323236. It is, therefore, affected by the following vulnerabilities in bundled third-party libraries: Multiple vulnerabilities exist in the bundled Python library. CVE-2011-3389, CVE-2012-0845, CVE-2012-0876, CVE-2012-1150,...

6.4 CVSS | 7.1 AI score | 0.73327 EPSS
Exploits: 15 | References: 16
securityvulns
added 2014/10/17 12:0 a.m. | 50 views

Bypassing blacklists based on IPy

IPy is a Python "class and tools for handling of IPv4 and IPv6 addresses and networks" (https://github.com/haypo/python-ipy). This library is sometimes used to implement blacklists forbidding internal, private or loopback addresses. Using octal encoding supported by urllib2, it is possible to bypas...

0.7 AI score
Exploits: 0