Python Exploits

6,614 exploits tracked across all sources.

EIP-2026-103063 EXPLOITDB python
Apache James Server 2.3.2 - Remote Command Execution (RCE) (Authenticated) (2)
by shinris3n
EIP-2026-101729 EXPLOITDB python
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Remote Privilege Escalation
by LiquidWorm
CVE-2021-47785 EXPLOITDB CRITICAL python
Ether MP3 CD Burner 1.3.8 - Remote Code Execution via Registration Name Field Buffer Overflow
Ether MP3 CD Burner 1.3.8 contains a buffer overflow vulnerability in the registration name field that allows remote code execution. Attackers can craft a malicious payload to overwrite SEH handlers and execute a bind shell on port 3110 by exploiting improper input validation.
by stresser
CVSS 9.8
CVE-2021-47784 EXPLOITDB HIGH python
Cyberfox Web Browser 52.9.1 - Denial of Service via Search Bar Overflow
Cyberfox Web Browser 52.9.1 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the search bar with excessive data. Attackers can generate a 9,000,000 byte payload and paste it into the search bar to trigger an application crash.
by Aryan Chehreghani
CVSS 7.5
EIP-2026-101203 EXPLOITDB python
Cisco small business RV130W 1.0.3.44 - Inject Counterfeit Routers
by Michael Alamoot
CVE-2021-47786 EXPLOITDB HIGH python
Redragon Gaming Mouse - Denial of Service via Malformed IOCTL Request
Redragon Gaming Mouse driver contains a kernel-level vulnerability that allows attackers to trigger a denial of service by sending malformed IOCTL requests. Attackers can send a crafted 2000-byte buffer with specific byte patterns to the REDRAGON_MOUSE device to crash the kernel driver.
by Quadron Research Lab
CVSS 7.5
EIP-2026-113516 EXPLOITDB python
Wordpress Plugin 3DPrint Lite 1.9.1.4 - Arbitrary File Upload
by spacehen
CVE-2021-47937 EXPLOITDB HIGH python
e107 CMS 2.3.0 Authenticated Remote Code Execution via Theme Upload
e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions to execute arbitrary commands by uploading malicious theme files. Attackers can upload a crafted theme package through the theme.php endpoint that deploys a web shell to the e107_themes directory, then execute system commands via the payload.php script.
by Halit AKAYDIN
CVSS 8.8
CVE-2021-47935 EXPLOITDB HIGH python
Sentry 8.2.0 Remote Code Execution via Pickle Deserialization
Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint with base64-encoded compressed pickle payloads in the data field to achieve code execution with application privileges.
by Mohin Paramasivam
CVSS 8.8
CVE-2021-41646 EXPLOITDB CRITICAL python
Online Reviewer System 1.0 - Remote Code Execution via Malicious PHP File Upload
Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Reviewer System 1.0 by uploading a maliciously crafted PHP file that bypasses the image upload filters.
by Abdullah Khawaja
CVSS 9.8
CVE-2019-13358 EXPLOITDB HIGH python
OpenCats < 0.9.4-3 - XML External Entity Injection via DOCX/ODT File Upload
lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system. The attacker must upload a file in the docx or odt format.
by Jake Ruston
CVSS 7.5
EIP-2026-107094 EXPLOITDB python
Filerun 2021.03.26 - Remote Code Execution (RCE) (Authenticated)
by syntegris information solutions GmbH
CVE-2021-47789 EXPLOITDB HIGH python
Yenkee YMS 3029 Firmware - Denial of Service via GM312Fltr.sys DeviceIoControl Buffer Overrun
Yenkee Hornet Gaming Mouse driver GM312Fltr.sys contains a buffer overrun vulnerability that allows attackers to crash the system by sending oversized input. Attackers can exploit the driver by sending a 2000-byte buffer through DeviceIoControl to trigger a kernel-level system crash.
by Quadron Research Lab
CVSS 7.5
CVE-2021-47788 EXPLOITDB HIGH python
WebsiteBaker 2.13.0 - Authenticated Remote Code Execution via Language Installation Endpoint
WebsiteBaker 2.13.0 contains an authenticated remote code execution vulnerability that allows users with language editing permissions to execute arbitrary code. Attackers can exploit the language installation endpoint by manipulating language installation parameters to achieve remote code execution on the server.
by Halit AKAYDIN
CVSS 8.8
CVE-2021-41644 EXPLOITDB CRITICAL python
Sourcecodester Online Food Ordering System 2.0 - Remote Code Execution via PHP File Upload Bypass
Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Food Ordering System 2.0 via a maliciously crafted PHP file that bypasses the image upload filters.
by Abdullah Khawaja
CVSS 9.8
CVE-2021-41643 EXPLOITDB CRITICAL python
Church Management System 1.0 - Remote Code Execution via Image Upload Field
Remote Code Execution (RCE) vulnerability exists in Sourcecodester Church Management System 1.0 via the image upload field.
by Abdullah Khawaja
CVSS 9.8
CVE-2021-34646 EXPLOITDB CRITICAL python
Booster for WooCommerce <= 5.4.3 - Authentication Bypass via Email Verification Token Weakness
Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are vulnerable to authentication bypass via the process_email_verification function due to a random token generation weakness in the reset_and_mail_activation_link function found in the ~/includes/class-wcj-emails-verification.php file. This allows attackers to impersonate users and trigger an email address verification for arbitrary accounts, including administrative accounts, and automatically be logged in as that user, including any site administrators. This requires the Email Verification module to be active in the plugin and the Login User After Successful Verification setting to be enabled, which it is by default.
by 0xB455
CVSS 9.8
EIP-2026-109109 EXPLOITDB python
Library Management System 1.0 - Blind Time-Based SQL Injection (Unauthenticated)
by boku
CVE-2021-47938 EXPLOITDB HIGH python
ImpressCMS 1.4.2 Remote Code Execution via Autotasks
ImpressCMS 1.4.2 contains a remote code execution vulnerability in the autotasks administrative interface that allows authenticated attackers to execute arbitrary PHP code by injecting malicious code into the sat_code parameter. Attackers can authenticate, submit a POST request to /modules/system/admin.php?fct=autotasks&op=mod with crafted sat_code containing PHP commands, which creates an executable file that accepts arbitrary commands via GET parameters.
by Halit AKAYDIN
CVSS 8.8
CVE-2021-47939 EXPLOITDB HIGH python
Evolution CMS 3.1.6 Authenticated Remote Code Execution via Module Creation
Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into module parameters. Attackers can send POST requests to /manager/index.php with malicious PHP code in the 'post' parameter to create modules that execute arbitrary commands when invoked.
by Halit AKAYDIN
CVSS 8.8
EIP-2026-105120 EXPLOITDB python
AlphaWeb XE - File Upload Remote Code Execution (RCE) (Authenticated)
by Ricardo Ruiz
EIP-2026-111593 EXPLOITDB python VERIFIED
Purchase Order Management System 1.0 - Remote File Upload
by Aryan Chehreghani
CVE-2021-47940 EXPLOITDB CRITICAL python
WordPress Download From Files 1.48 Arbitrary File Upload
WordPress Plugin Download From Files version 1.48 and earlier contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting the AJAX fileupload action. Attackers can send POST requests to the admin-ajax.php endpoint with the download_from_files_617_fileupload action, manipulating the allowExt parameter to bypass file type restrictions and upload executable files like PHP shells to the web root.
by spacehen
CVSS 9.8
CVE-2021-38833 EXPLOITDB CRITICAL python
PHPGurukul AVMS <1.0 - SQL Injection
SQL injection vulnerability in PHPGurukul Apartment Visitors Management System (AVMS) v. 1.0 allows attackers to execute arbitrary SQL statements and to gain RCE.
by mari0x00
CVSS 9.8
CVE-2021-24040 EXPLOITDB CRITICAL python
ParlAI < 1.1.0 - Remote Code Execution via Unsafe YAML Deserialization
Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0.
by Abhiram V
CVSS 9.8