Py-Amsi - Scan Strings Or Files For Malware Using The Windows Antimalware Scan Interface

py-amsi is a library that scans strings or files for malware using the Windows Antimalware Scan Interface AMSI API. AMSI is an interface native to Windows that allows applications to ask the antivirus installed on the system to analyse a file/string. AMSI is not tied to Windows Defender. Antiviru...

Exploit for Injection in Vm2_Project Vm2

CVE-2023-30547 PoC Exploit for VM2 Sandbox Escape Vulnerabili...

CVE-2023-49797

CVE-2023-49797 affects PyInstaller-packaged Python apps and can lead to deletion of files in a privileged process under specific conditions (matplotlib or win32com present, run as administrator, and unprotected TEMP directory). Root cause: unprotected temporary file handling allows timing or dire...

Python Security Vulnerabilities

Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python version 3.12.0 that stems from the fact that when using the empty...

selfpoc

It is an offensive tool for web exploitation. The repository con...

ConQuest Dicom Server 1.5.0d Remote Command Execution Exploit

!/usr/bin/env python3 --------------------------------------------------------- preauth rce poc for ConQuest Dicom Server 1.5.0d --------------------------------------------------------- 04.08.2023 @ 22:07 code610 blogspot com import socket target = '192.168.56.106' rport = 5678 pkt1 =...

python-werkzeug: high resource consumption leading to denial of service

A resource consumption flaw was found in python-werkzeug. If a specially crafted file is uploaded by a remote attacker, it may cause a denial of service...

PassBreaker - Command-line Password Cracking Tool Developed In Python

PassBreaker is a command-line password cracking tool developed in Python. It allows you to perform various password cracking techniques such as wordlist-based attacks and brute force attacks. Features Wordlist-based password cracking Brute force password cracking Support for multiple hash...

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : python-cryptography vulnerabilities (USN-6539-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6539-1 advisory. It was discovered that the python-cryptography Cipher.updateinto function would incorrectly accept objects with immutable...

Fedora 38 : llhttp / python-aiohttp / uxplay (2023-bc1f081ca0)

The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-bc1f081ca0 advisory. Security fix for CVE-2023-47627 https://pagure.io/fesco/issue/3106 python-aiohttp 3.8.6 2023-10-07...

Fedora 39 : llhttp / python-aiohttp / uxplay (2023-5130a73b00)

The remote Fedora 39 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-5130a73b00 advisory. Security fix for CVE-2023-47627 https://pagure.io/fesco/issue/3106 python-aiohttp 3.8.6 2023-10-07...

Security Bulletin: IBM Cinder plug-in is affected by a vulnerability in the Python Pygments-2.14.0 package [CVE-2022-40896]

Summary The Python Pygments package, a syntax highlighting package, is used by IBM Cinder plug-in. Pygments-2.14.0 is vulnerable to Regular Expression Denial of Service ReDoS due to the usage of insecure regular expressions in SqlJinjaLexer class vulnerability CVE-2022-40896. Vulnerability Detail...

CVE-2023-49277

dpaste is an open source pastebin application written in Python using the Django framework. A security vulnerability has been identified in the expires parameter of the dpaste API, allowing for a POST Reflected XSS attack. This vulnerability can be exploited by an attacker to execute arbitrary...

Cross site scripting

dpaste is an open source pastebin application written in Python using the Django framework. A security vulnerability has been identified in the expires parameter of the dpaste API, allowing for a POST Reflected XSS attack. This vulnerability can be exploited by an attacker to execute arbitrary...

CVE-2023-49277 Reflected Cross-site Scripting Vulnerability in dpaste

dpaste is an open source pastebin application written in Python using the Django framework. A security vulnerability has been identified in the expires parameter of the dpaste API, allowing for a POST Reflected XSS attack. This vulnerability can be exploited by an attacker to execute arbitrary...

CVE-2023-49277

CVE-2023-49277 affects dpaste, a Django-based Python pastebin. The vulnerability is a reflected XSS in the expires parameter of the dpaste API, allowing an attacker to execute arbitrary JavaScript in a user’s browser. Public descriptions consistently state that versions older than dpaste v3.8 are...

CVE-2023-49277 Reflected Cross-site Scripting Vulnerability in dpaste

dpaste is an open source pastebin application written in Python using the Django framework. A security vulnerability has been identified in the expires parameter of the dpaste API, allowing for a POST Reflected XSS attack. This vulnerability can be exploited by an attacker to execute arbitrary...

CVE-2023-49277 Reflected Cross-site Scripting Vulnerability in dpaste

dpaste is an open source pastebin application written in Python using the Django framework. A security vulnerability has been identified in the expires parameter of the dpaste API, allowing for a POST Reflected XSS attack. This vulnerability can be exploited by an attacker to execute arbitrary...

Fedora: Security Advisory for python-gstreamer1 (FEDORA-2023-7bd66f219f)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Python [CVE-2022-48564]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Python, caused by a flaw in the readints function in plistlib.py CVE-2022-48564. Python is used in our Speech Service runtimes. This vulnerabilitiy has been addressed. Please read the...