355 items tagged "python"
-
-
9:54
»
Packet Storm Security Recent Files
Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
-
-
8:51
»
Packet Storm Security Recent Files
AnonTwi is a free software python client designed to navigate anonymously on social networks. It supports Identi.ca and Twitter.com. It can leverage proxying and randomization of header values, send fake geolocation data, and more.
-
-
9:30
»
Hack a Day
If you’re into microcontrollers you know the ability to think and perform math in binary is a must. [Joe Ptiz] has been looking for a way to keep from being distracted by the math when coding while still keeping the binary strings in the forefront of his mind. The solution he came up with is [...]
-
-
16:00
»
SecuriTeam
Python tweepy library is prone to a security-bypass vulnerability because the application fails to properly validate SSL certificates from the server.
-
-
14:28
»
Packet Storm Security Recent Files
pyClamd is a python interface to Clamd (Clamav daemon). By using pyClamd, you can add virus detection capabilities to your python software in an efficient and easy way. Unlike pyClamav, which uses libclamav, pyClamd may be used by a closed source product.
-
-
12:01
»
Hack a Day
Not knowing what’s going on inside of your electronics projects can make it quite difficult to get the bugs out. [John] was bumping up against this problem when working on wireless communications between several devices. At just about the same time his friend came up with a script which lets you monitor multiple serial devices in one [...]
-
-
15:01
»
Hack a Day
This little LED rig fades in time to music. The hardware itself is quite simple, some LEDs connected to the PWM pins of an Arduino. But the signal processing is happening on a computer using a Python script. Many of the projects we see which pulse lights to music use the MSGEQ7 chip to perform [...]
-
-
23:05
»
Packet Storm Security Advisories
Ubuntu Security Notice 1613-2 - USN-1613-1 fixed vulnerabilities in Python 2.5. This update provides the corresponding updates for Python 2.4. It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. Various other issues were also addressed.
-
2:45
»
Packet Storm Security Tools
Dark D0rk3r is a python script that performs dork searching and searches for local file inclusion and SQL injection errors.
-
2:22
»
Packet Storm Security Recent Files
Smartd0rk3r is a python script that performs dork searching and searches for local file inclusion and SQL injection errors. It is based on darkd0rk3r.
-
-
5:12
»
Packet Storm Security Tools
Dark D0rk3r is a python script that performs dork searching and searches for local file inclusion and SQL injection errors.
-
-
19:59
»
Packet Storm Security Exploits
YingZhi Python version 1.9 application for iOS allows for arbitrary file uploads to the root WWW directory and also has an FTP server directory traversal vulnerability that forces no authentication.
-
-
21:28
»
SecDocs
Authors: Armin Rigo, Carl Friedrich Bolz, Holger Krekel
Tags: python
Event: Chaos Communication Congress 22nd (22C3) 2005
Abstract: We present our first self-contained Python virtual machine that uses parts of itself to translate itself to low level languages ("the Muenchhausen approach"). The PyPy approach could solve problems at language/interpreter-level that formerly required complex frameworkish solutions at user-level. PyPy is a reimplementation of Python written in Python itself, flexible and easy to experiment with. Our long-term goals are to target a large variety of platforms, small and large, by adapting the compiler toolsuite we developed to produce custom Python versions. Platform, Memory and Threading models will become aspects of the translation process - as opposed to encoding low level details into a language implementation itself. Basically, we think it's a good way to avoid writing n x m x o interpreters for n dynamic languages and m platforms with o crucial design decisions. In PyPy any one of these can be changed independently. We are going to briefly describe the concepts of object spaces, abstract interpretation and translation aspects and how they led us to a first self-contained very compliant Python implementation in August 2005, completely independent from the current mainstream CPython implementation. We go through a translation example of a Python program with control-flow-graphs and the according translated lowlevel C and LLVM (Low level Virtual Machine) code. We'll also try to relate PyPy's architectural concepts (known roughly for 2-3 years now) to similar upcoming concepts in e.g. pugs/Perl 6 development and we'll give an outlook on our starting Just-In-Time Compiler efforts and approaches. Lastly, we intend to discuss experimental new language/interpreter-level solutions to long-standing problems such as distributed computing, persistence and security/sandboxing. Development of PyPy is partly funded by the European Union during the 6th Research Framework programme.
-
-
21:28
»
SecDocs
Authors: Ulrich von Zadow
Tags: technology
Event: Chaos Communication Congress 22nd (22C3) 2005
Abstract: Using Python, a large variety of media-oriented systems can be scripted with very little effort. The talk will explore the available libraries for 2d and 3d graphics, video and sound and describe real-world experiences in deploying these systems. Multimedia on linux has made great progress. A few years ago, video support was very limited, low-latency-audio was impossible, getting jitter-free performance was a nightmare and fonts were rendered with a quality that made any designer cringe. This has changed. One language that has been used successfully in many multimedia systems is python. The talk will look at what is required to set up a multimedia system with python. While the focus will be on installations in public or semi-public areas (museums, showrooms, the c-base), many of the techniques can be used in other areas as well. Most of the talk will cover Linux-based systems, with some references to the possibilities of Mac OS X systems.
-
5:01
»
Hack a Day
We see projects here all the time that blend computing with the real world. Some people are naturally stronger on the mechanical end of things, whereas some are better with electronics or coding. All three specialities can be needed depending on your project. If your weakness lies in making a computer do your bidding, I [...]
-
-
18:31
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1206-01 - Python Paste provides middleware for building and running Python web applications. The python-paste-script package includes paster, a tool for working with and running Python Paste applications. It was discovered that paster did not drop supplementary group privileges when started by the root user. Running "paster serve" as root to start a Python web application that will run as a non-root user and group resulted in that application running with root group privileges. This could possibly allow a remote attacker to gain access to files that should not be accessible to the application.
-
5:22
»
Packet Storm Security Tools
Dark D0rk3r is a python script that performs dork searching and searches for local file inclusion and SQL injection errors.
-
1:22
»
Packet Storm Security Tools
Smartd0rk3r is a python script that performs dork searching and searches for local file inclusion and SQL injection errors. It is based on darkd0rk3r.
-
7:01
»
Hack a Day
Now instead of wrangling Python or PHP to do your bidding, [Eric] came up with a way to control the GPIO pins on his Raspberry Pi in a browser. [Eric] calls his project WebIOPi, and it’s the perfect tool if you’d just like to blink a LED or control a relay over the internet. Simply [...]
-
-
7:33
»
Packet Storm Security Recent Files
Smartd0rk3r is a python script that performs dork searching and searches for local file inclusion and SQL injection errors. It is based on darkd0rk3r.
-
-
15:29
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2012-096 - Multiple vulnerabilities have been discovered and corrected in python. The _ssl module would always disable the CBC IV attack countermeasure. A flaw was found in the way the Python SimpleHTTPServer module generated directory listings. An attacker able to upload a file with a specially-crafted name to a server could possibly perform a cross-site scripting attack against victims visiting a listing page generated by SimpleHTTPServer, for a directory containing the crafted file. A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. Various other issues were also addressed.
-
-
22:28
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2012-096 - Multiple vulnerabilities have been discovered and corrected in python. A flaw was found in the way the Python SimpleHTTPServer module generated directory listings. A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. Various other issues have also been addressed. The updated packages have been patched to correct these issues.
-
-
8:26
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0745-01 - Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays in Python. An attacker able to supply a large number of inputs to a Python application that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions.
-
8:26
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0744-01 - Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays in Python. An attacker able to supply a large number of inputs to a Python application that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions.
-
-
17:00
»
SecuriTeam
Python 'virtualenvwrapper' package is prone to an unspecified security vulnerability.
-
-
7:01
»
Hack a Day
If you’ve ever wanted to jump into the world of FPGAs but don’t want to learn yet another language, you can now program an FPGA with Python. PyCPU converts very, very simple Python code into either VHDL or Verilog. From this, a hardware description can be uploaded to an FPGA. The portion of the Python language [...]
-
-
7:28
»
Packet Storm Security Tools
Dark D0rk3r is a Python script that performs dork searching and searches for local file inclusion and SQL injection errors.
-
18:26
»
Packet Storm Security Tools
darkBing is a tool written in Python that leverages Bing for mining data on systems that may be susceptible to SQL injection.
-
-
7:01
»
Hack a Day
While a fancy Rigol 1052E oscilloscope is a great tool and a wonderful portable oscilloscope we heartily recommend, sometimes you just need to use the more ‘advanced’ functions of an oscilloscope. Luckily, [cibomahto] figured out how to use a Rigol scope with Python, allowing for easy remote viewing and control of a Rigol 1052E ‘scope on [...]
-
-
10:22
»
Packet Storm Security Recent Files
This tool is for fuzzing different protocols such as FTP, HTTP, IMAP, and more. It also has no-protocol plugins like a file fuzzer. Written in Python.
-
10:22
»
Packet Storm Security Tools
This tool is for fuzzing different protocols such as FTP, HTTP, IMAP, and more. It also has no-protocol plugins like a file fuzzer. Written in Python.
-
10:22
»
Packet Storm Security Misc. Files
This tool is for fuzzing different protocols such as FTP, HTTP, IMAP, and more. It also has no-protocol plugins like a file fuzzer. Written in Python.
-
-
11:49
»
Hack a Day
Want to monitor the company system without continually loading up the Splunk dashboard? It turns out that they’ve got their own Python package which makes pulling down data a snap. All [Rick] needed to do was hook up an LED meter as an external display. It used to be that this would take a lot [...]
-
-
17:01
»
Packet Storm Security Recent Files
darkb0t is an IRC bot written in Python that is capable of doing reverse DNS lookups, Google dork searching, performing link checking on SQL injection, and more.
-
17:01
»
Packet Storm Security Misc. Files
darkb0t is an IRC bot written in Python that is capable of doing reverse DNS lookups, Google dork searching, performing link checking on SQL injection, and more.
-
-
16:01
»
Hack a Day
[Richard] sent in a link to the Python controlled microcontroller he’s been working on. Unlike the previous portable Python boards we’ve seen, [Richard] thinks his pyMCU isn’t best used autonomously. This board is meant to be used only when connected to a computer and to serve as a bridge between the digital world of computers and our [...]
-
3:11
»
Packet Storm Security Recent Files
darkb0t is an IRC bot written in Python that is capable of doing reverse DNS lookups, Google dork searching, performing link checking on SQL injection, and more.
-
3:11
»
Packet Storm Security Misc. Files
darkb0t is an IRC bot written in Python that is capable of doing reverse DNS lookups, Google dork searching, performing link checking on SQL injection, and more.
-
-
4:11
»
Packet Storm Security Recent Files
darkb0t is an IRC bot written in Python that is capable of doing reverse DNS lookups, Google dork searching, performing link checking on SQL injection, and more.
-
4:11
»
Packet Storm Security Misc. Files
darkb0t is an IRC bot written in Python that is capable of doing reverse DNS lookups, Google dork searching, performing link checking on SQL injection, and more.
-
6:55
»
Packet Storm Security Recent Files
darkb0t is an IRC bot written in Python that is capable of doing reverse DNS lookups, Google dork searching, performing link checking on SQL injection, and more.
-
6:55
»
Packet Storm Security Misc. Files
darkb0t is an IRC bot written in Python that is capable of doing reverse DNS lookups, Google dork searching, performing link checking on SQL injection, and more.
-
21:45
»
Packet Storm Security Tools
Dark D0rk3r is a Python script that performs dork searching and searches for local file inclusion and SQL injection errors.
-
8:37
»
Packet Storm Security Tools
Codetective is a simple tool to determine the crypto/encoding algorithm used according to traces of its representation. Written in Python.
-
16:39
»
Packet Storm Security Tools
Dark D0rk3r is a Python script that performs dork searching and searches for local file inclusion and SQL injection errors.
-
16:24
»
Packet Storm Security Tools
Dark D0rk3r is a Python script that performs dork searching and searches for local file inclusion and SQL injection errors.
-
9:54
»
Packet Storm Security Tools
Dark D0rk3r is a Python script that performs dork searching and searches for local file inclusion and SQL injection errors.
-
-
16:48
»
Packet Storm Security Recent Files
A MAC changing utility that uses both ifconfig and GNU-Macchanger (checks if mac changer exists, if not, uses ifconfig) to spoof one's MAC with a totally random value. Written in Python.
-
16:48
»
Packet Storm Security Tools
A MAC changing utility that uses both ifconfig and GNU-Macchanger (checks if mac changer exists, if not, uses ifconfig) to spoof one's MAC with a totally random value. Written in Python.
-
16:48
»
Packet Storm Security Misc. Files
A MAC changing utility that uses both ifconfig and GNU-Macchanger (checks if mac changer exists, if not, uses ifconfig) to spoof one's MAC with a totally random value. Written in Python.
-
-
8:24
»
Hack a Day
One thing that annoyed [Jashua] to no end was hearing his automated sprinkler system kick on in the middle of the night, when it had rained earlier in the day. He wished that his sprinklers were a bit smarter, so he decided to give the system an upgrade. Rather than pay hundreds of dollars for [...]
-
-
13:01
»
Hack a Day
You might already have the hardware on hand to easily interface I2C and SPI devices with Python scripts on your computer. The board seen above is an FT-2232 breakout board. These chips are often used to facilitate JTAG programming via USB, but they have other features that might be useful to you as well. The [...]
-
-
15:02
»
Packet Storm Security Recent Files
Androguard (Android Guard) is a tool written in Python to play with .class, .dex, APK, JAR, and Android's binary XML files. It allows you to perform diffing of Android applications, measure similarities, check if it is malware, and more.
-
15:02
»
Packet Storm Security Tools
Androguard (Android Guard) is a tool written in Python to play with .class, .dex, APK, JAR, and Android's binary XML files. It allows you to perform diffing of Android applications, measure similarities, check if it is malware, and more.
-
15:02
»
Packet Storm Security Tools
Androguard (Android Guard) is a tool written in Python to play with .class, .dex, APK, JAR, and Android's binary XML files. It allows you to perform diffing of Android applications, measure similarities, check if it is malware, and more.
-
15:02
»
Packet Storm Security Misc. Files
Androguard (Android Guard) is a tool written in Python to play with .class, .dex, APK, JAR, and Android's binary XML files. It allows you to perform diffing of Android applications, measure similarities, check if it is malware, and more.
-
13:01
»
Hack a Day
The team at LeafLabs was looking for something cool to do with their new ARM development board. [AJ] asked if anyone had ever played around with Python, so [Dave] cooked up an implementation of PyMite and put it on a Maple board. While the writeup is only about blinking a LED with a microcontroller, they’re [...]
-
-
13:56
»
SecDocs
Authors: Rich Smith
Tags: reverse engineering python
Event: Black Hat USA 2010
Abstract: Increasing numbers of commercial and closed source applications are being developed in Python. The developers of these applications are investing increasing amounts to stop people being able to see their source code through a variety of bytecode obfuscation efforts. At the same time Python is an increasingly present component of 'The Cloud' where traditional decompilation techniques fall down through lack of access to files on disk. This presentation outlines a methodology, and releases a toolkit, to be able to reverse obfuscated Python applications from live objects in memory as well as showing how to defeat the obfuscation techniques commonly employed today. This will allow people to find bugs in code that was previously opaque to them.
-
-
0:41
»
SecDocs
Authors: Marcin Wielgoszewski, Nathan Hamiel
Tags: web application web python
Event: Black Hat USA 2010
Abstract: It seems that everything is a web application nowadays. Whether the application is cloud-based, mobile, or even fat client, they all seem to be using web protocols to communicate. Adding to the traditional landscape there is a rise in the use of application programming interfaces, integration hooks, and next generation web technologies. What this means for someone testing web applications is that flexibility is the key to success. The Python programming language is just as flexible as today’s web application platforms. The language is appealing to security professionals because it is easy to read and write, has a wide variety of modules, and has plenty of resources for help. This additional flexibility affords the tester greater depth than many of the canned tests that come with common tools they use on a daily basis. Greater familiarity plus flexible language equals tester win! In this presentation we introduce methods with which to create your own clients, tools, and test cases using the Python programming language. We want to put testers closer to the conditions they are testing for and arm them with the necessary resources to be successful. We also discuss interfacing with current tools that people commonly use for web application testing. This allows for pinpoint identification of specific vulnerabilities and conditions that are difficult for other tools to identify.
-
0:40
»
SecDocs
Authors: Marcin Wielgoszewski, Nathan Hamiel
Tags: web application web python
Event: Black Hat USA 2010
Abstract: It seems that everything is a web application nowadays. Whether the application is cloud-based, mobile, or even fat client, they all seem to be using web protocols to communicate. Adding to the traditional landscape there is a rise in the use of application programming interfaces, integration hooks, and next generation web technologies. What this means for someone testing web applications is that flexibility is the key to success. The Python programming language is just as flexible as today’s web application platforms. The language is appealing to security professionals because it is easy to read and write, has a wide variety of modules, and has plenty of resources for help. This additional flexibility affords the tester greater depth than many of the canned tests that come with common tools they use on a daily basis. Greater familiarity plus flexible language equals tester win! In this presentation we introduce methods with which to create your own clients, tools, and test cases using the Python programming language. We want to put testers closer to the conditions they are testing for and arm them with the necessary resources to be successful. We also discuss interfacing with current tools that people commonly use for web application testing. This allows for pinpoint identification of specific vulnerabilities and conditions that are difficult for other tools to identify.
-
-
7:43
»
Packet Storm Security Recent Files
QuickRecon is a Python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing.
-
7:43
»
Packet Storm Security Tools
QuickRecon is a Python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing.
-
7:43
»
Packet Storm Security Misc. Files
QuickRecon is a Python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing.
-
-
8:01
»
Packet Storm Security Recent Files
QuickRecon is a Python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing.
-
8:01
»
Packet Storm Security Tools
QuickRecon is a Python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing.
-
8:01
»
Packet Storm Security Misc. Files
QuickRecon is a Python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing.
-
-
8:20
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2011-096 - The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / character at the beginning of the URI. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow any new URL that they understood, including the file:// URL type. This could allow a remote server to force a local Python application to read a local file instead of the remote one, possibly exposing local files that were not meant to be exposed.
-
8:20
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2011-096 - The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / character at the beginning of the URI. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow any new URL that they understood, including the file:// URL type. This could allow a remote server to force a local Python application to read a local file instead of the remote one, possibly exposing local files that were not meant to be exposed.
-
-
7:19
»
Packet Storm Security Recent Files
QuickRecon is a Python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing.
-
7:19
»
Packet Storm Security Tools
QuickRecon is a Python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing.
-
7:19
»
Packet Storm Security Misc. Files
QuickRecon is a Python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing.
-
-
9:05
»
Packet Storm Security Recent Files
QuickRecon is a Python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing.
-
9:05
»
Packet Storm Security Tools
QuickRecon is a Python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing.
-
9:05
»
Packet Storm Security Misc. Files
QuickRecon is a Python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing.
-
-
15:56
»
Packet Storm Security Exploits
ACTi ASOC 2200 Web Configurator versions 2.6 and below remote root command execution exploit. This is a secondary version of the original and is written in Python.
-
15:56
»
Packet Storm Security Recent Files
ACTi ASOC 2200 Web Configurator versions 2.6 and below remote root command execution exploit. This is a secondary version of the original and is written in Python.
-
15:56
»
Packet Storm Security Misc. Files
ACTi ASOC 2200 Web Configurator versions 2.6 and below remote root command execution exploit. This is a secondary version of the original and is written in Python.
-
-
6:04
»
Hack a Day
[Stealth] put together a post explaining how he writes drivers for input peripherals. He’s using Python which makes the process fairly painless (we’ll get to that in a minute) but the value of his post is in the explanation surrounding how to interpret the data. Once you know how the communications are coming in from [...]
-
-
15:36
»
Packet Storm Security Recent Files
QuickRecon is a Python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing.
-
15:36
»
Packet Storm Security Tools
QuickRecon is a Python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing.
-
15:36
»
Packet Storm Security Misc. Files
QuickRecon is a Python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing.
-
-
14:07
»
Packet Storm Security Recent Files
Slowbrute is a slow SSH brute-forcing utility written in Python. Paramiko must be installed and if Tor is being leveraged in order to anonymize the scan, run it at 127.0.0.1:9050.
-
14:07
»
Packet Storm Security Misc. Files
Slowbrute is a slow SSH brute-forcing utility written in Python. Paramiko must be installed and if Tor is being leveraged in order to anonymize the scan, run it at 127.0.0.1:9050.
-
-
13:21
»
Packet Storm Security Recent Files
QuickRecon is a Python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing.
-
13:21
»
Packet Storm Security Tools
QuickRecon is a Python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing.
-
13:21
»
Packet Storm Security Misc. Files
QuickRecon is a Python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing.
-
-
7:35
»
Packet Storm Security Recent Files
QuickRecon is a Python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing.
-
7:35
»
Packet Storm Security Tools
QuickRecon is a Python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing.
-
7:35
»
Packet Storm Security Misc. Files
QuickRecon is a Python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing.