Python Exploits
6,625 exploits tracked across all sources.
Zoom Meeting Connector 4.6.239.20200613 - Remote Root Exploit (Authenticated)
by Jeremy Brown
Easy CD & DVD Cover Creator 4.13 - Buffer Overflow
Easy CD & DVD Cover Creator 4.13 contains a buffer overflow vulnerability in the serial number input field that allows attackers to crash the application. Attackers can generate a 6000-byte payload and paste it into the serial number field to trigger an application crash.
by stresser
CVSS 9.8
Arteco Web Client DVR/NVR - Auth Bypass
Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authentication. Attackers can brute force session IDs within a specific numeric range to obtain valid sessions and access live camera streams without authorization.
by LiquidWorm
CVSS 9.8
sar2html 3.2.1 - 'plot' Remote Code Execution
by Musyoka Ian
MantisBT < 2.24.4 - SQL Injection via API SOAP mc_project_get_users Parameter
In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP.
by EthicalHCOP
CVSS 5.3
GitLab CE/EE <11.3.11-11.5.1 - CRLF Injection
GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol.
by Norbert Hofmann
CVSS 7.5
10-Strike Network Inventory Explorer Pro 9.05 - Buffer Overflow (SEH)
by Florian Gassner
SyncBreeze 10.0.28 - Denial of Service via Oversized Login Payload
SyncBreeze 10.0.28 contains a denial of service vulnerability in the login endpoint that allows remote attackers to crash the service. Attackers can send an oversized payload in the login request to overwhelm the application and potentially disrupt service availability.
by Ahmed Elkhressy
CVSS 7.5
Dolibarr ERP-CRM 12.0.3 - Remote Code Execution (Authenticated)
by Yilmaz Degirmenci
Online Marriage Registration System (OMRS) 1.0 - Remote Code Execution (2)
by Andrea Bruschi
Cisco ASA 9.6-9.6.4.42 & FTD 6.2.3-6.2.3.16 Unauthenticated Path Traversal
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files.
by Freakyclown
CVSS 7.5
LibreNMS 1.46 - Authenticated SQL Injection
LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafted SQL injection techniques to retrieve sensitive database contents through time-based blind SQL injection.
by Hodorsec
CVSS 7.1
MiniWeb HTTP Server 0.8.19 - Denial of Service via Long POST Parameter Name
MiniWeb HTTP server 0.8.19 allows remote attackers to cause a denial of service (daemon crash) via a long name for the first parameter in a POST request.
by securityforeveryone.com
CVSS 7.5
GitLab CE/EE <11.3.11-11.5.1 - CRLF Injection
GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol.
by Fortunato Lodari
CVSS 7.5
Macally WIFISD2-2A82 2.000.010 - Guest to Root Privilege Escalation
by Maximilian Barz
Flexense DupScout Enterprise 10.0.18 - Buffer Overflow
A buffer overflow in the web server of Flexense DupScout Enterprise 10.0.18 allows a remote anonymous attacker to execute code as SYSTEM by overflowing the sid parameter via a GET /settings&sid= attack.
by Andrés Roldán
CVSS 9.8
SmarterTools SmarterMail less than build 6985 - .NET Deserialization Remote Code Execution
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.
by 1F98D
CVSS 9.8
Dup Scout Enterprise 10.0.18 - 'online_registration' Remote Buffer Overflow
by 0rbz_
Online Matrimonial Project 1.0 - Authenticated Remote Code Execution
by Valerio Alessandroni
WonderCMS 3.1.3 - Code Execution via Theme Installer SSRF
A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer.
by zetc0de
CVSS 9.8
WonderCMS 3.1.3 - Authenticated Remote Code Execution via Theme/Plugin Installer
A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer.
by zetc0de
CVSS 9.8
By Source