Python Exploits
5,840 exploits tracked across all sources.
MySQL User-Defined (Linux) (x86) - 'sys_exec' Local Privilege Escalation
by d7x
Cisco RV320 and RV325 Unauthenticated Remote Code Execution
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information. Cisco has released firmware updates that address this vulnerability.
by Harom Ramos
CVSS 7.5
Splunk Enterprise 7.2.3 - (Authenticated) Custom App Remote Code Execution
by Lee Mazzoleni
Microsoft Remote Desktop 10.2.4(134) - Denial of Service (PoC)
by Saeed Hasanzadeh
Nagios XI Magpie_debug.php Root Remote Code Execution
Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.
by Chris Lyne
CVSS 9.8
Nagios XI - OS Command Injection
Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php.
by Chris Lyne
CVSS 7.8
Echo Mirage 3.1 Stack Buffer Overflow via Rules Action Field
Echo Mirage 3.1 contains a stack buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized string in the Rules action field. Attackers can create a malicious text file with a crafted payload exceeding buffer boundaries and paste it into the action field through the Rules dialog to trigger the overflow and overwrite the return address.
by InitD Community
CVSS 8.4
7 Tik 1.0.1.0 Denial of Service via Search
7 Tik 1.0.1.0 contains a denial of service vulnerability that allows attackers to crash the application by submitting excessively long input strings to the search functionality. Attackers can paste a buffer of 7700 characters into the search bar to trigger an application crash.
by 0xB9
CVSS 7.5
Eco Search 1.0.2.0 Denial of Service
Eco Search 1.0.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 950 or more characters into the search bar and trigger a crash by initiating a search operation.
by 0xB9
CVSS 6.2
FastTube 1.0.1.0 Denial of Service via Search
FastTube 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 1900 characters into the search bar and trigger a crash when the search operation is executed.
by 0xB9
CVSS 6.2
One Search 1.1.0.0 Denial of Service
One Search 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting excessively long input strings to the search functionality. Attackers can paste a buffer of 950 or more characters into the search bar to trigger an unhandled exception that crashes the application.
by 0xB9
CVSS 6.2
VPN Browser+ 1.1.0.0 Denial of Service
VPN Browser+ 1.1.0.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting oversized input through the search functionality. Attackers can paste a large buffer of characters into the search bar to trigger an unhandled exception that terminates the application.
by 0xB9
CVSS 7.5
Watchr 1.1.0.0 Denial of Service via Search
Watchr 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 8145 characters into the search bar and trigger a search operation to cause the application to crash.
by 0xB9
CVSS 6.2
OpenSSH 7.9 - Info Disclosure
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.
by Mark E. Haase
CVSS 6.8
Openbsd Openssh < 7.9 - Path Traversal
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).
by Mark E. Haase
CVSS 5.9
Spotify 1.0.96.181 - 'Proxy configuration' Denial of Service (PoC)
by Aaron V. Hernandez
Blueimp jQuery-File-Upload <=9.22.0 - File Upload
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0
by Larry W. Cashdollar
CVSS 9.8
Ntpsec < 1.1.3 - Out-of-Bounds Read
An issue was discovered in NTPsec before 1.1.3. process_control() in ntp_control.c has a stack-based buffer over-read because attacker-controlled data is dereferenced by ntohl() in ntpd.
by Magnus Klaaborg Stubman
CVSS 9.1
Ntpsec < 1.1.3 - NULL Pointer Dereference
An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can cause a NULL pointer dereference and ntpd crash in ntp_control.c, related to ctl_getitem.
by Magnus Klaaborg Stubman
CVSS 6.5
Ntpsec < 1.1.3 - Out-of-Bounds Read
An issue was discovered in NTPsec before 1.1.3. Because of a bug in ctl_getitem, there is a stack-based buffer over-read in read_sysvars in ntp_control.c in ntpd.
by Magnus Klaaborg Stubman
CVSS 9.1
Ntpsec < 1.1.3 - Out-of-Bounds Write
An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can write one byte out of bounds in ntpd via a malformed config request, related to config_remotely in ntp_config.c, yyparse in ntp_parser.tab.c, and yyerror in ntp_parser.y.
by Magnus Klaaborg Stubman
CVSS 6.5
Fortinet Fortiadc < 5.4.5 - Incorrect Permission Assignment
A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one.
by Julio Ureña
CVSS 4.3
Umbraco CMS <7.15.10 - Authenticated RCE
Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx.
by Gregory Draperi
CVSS 7.2
By Source