Python Exploits
6,625 exploits tracked across all sources.
10-Strike Network Inventory Explorer <8.65 - RCE
10-Strike Network Inventory Explorer 8.65 contains a buffer overflow vulnerability in exception handling that allows remote attackers to execute arbitrary code. Attackers can craft a malicious file with 209 bytes of padding and a specially constructed Structured Exception Handler to trigger code execution.
by Sectechs
CVSS 9.8
EventON < 3.0.5 - Cross-Site Scripting via Search Field
The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.
by B3KC4T
CVSS 6.1
Pharmacy/Medical Store & Sale Point 1.0 - 'email' SQL Injection
by naivenom
Setelsa Conacwin 3.7.1.2 - Local File Inclusion
by Bryan Rodriguez Martin
YATinyWinFTP >=0.0.5 <0.0.5 - Denial of Service via Malformed Command Buffer Overflow
YATinyWinFTP contains a denial of service vulnerability that allows attackers to crash the FTP service by sending a 272-byte buffer with a trailing space. Attackers can exploit the service by connecting and sending a malformed command that triggers a buffer overflow and service crash.
by strider
CVSS 9.8
Intelbras Router RF 301K <1.1.2 - Auth Bypass
Intelbras Router RF 301K firmware version 1.1.2 contains an authentication bypass vulnerability that allows unauthenticated attackers to download router configuration files. Attackers can send a specific HTTP GET request to /cgi-bin/DownloadCfg/RouterCfm.cfg to retrieve sensitive router configuration without authentication.
by Kaio Amaral
CVSS 7.5
ATX miniCMTS200a Broadband Gateway and Pico CMTS <= 2.0 - Unauthenticated Path Traversal
A Directory Traversal vulnerability exists in ATX miniCMTS200a Broadband Gateway through 2.0 and Pico CMTS through 2.0. Successful exploitation of this vulnerability would allow an unauthenticated attacker to retrieve administrator credentials by sending a malicious POST request.
by Zagros Bingol
CVSS 7.5
Rejetto HTTP File Server <2.3c - RCE
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aka HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.
by Óscar Andreu
CVSS 9.8
Foxit Reader and PhantomPDF < 9.0.1.1049 - Remote Code Execution via Text Annotation Point Attribute
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Text Annotations. When setting the point attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5620.
by CrossWire
CVSS 8.8
FrozenNode Laravel-Administrator <5.0.12 - RCE
FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted file upload (and consequently Remote Code Execution) via admin/tips_image/image/file_upload image upload with PHP content within a GIF image that has the .php extension. NOTE: this product is discontinued.
by Xavi Beltran
CVSS 7.2
Acronis Cyber Backup < 12.5 - Server-Side Request Forgery via Custom Shard Header
An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used in a separate web request issued by the application itself. This can be abused to conduct SSRF attacks against otherwise unreachable Acronis services that are bound to localhost such as the NotificationService on 127.0.0.1:30572.
by Julien Ahrens
CVSS 6.5
libupnp < 1.6.18 - Remote Code Execution via SSDP Unique Service Name Parsing
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted string that is not properly handled after a certain pointer subtraction.
by Patrik Lantz
Ruckus IoT Controller (Ruckus vRIoT) 1.5.1.0.21 - Remote Code Execution
by Emre SUREN
Pure-FTPd 1.0.48 - Denial of Service via Connection Limit Exhaustion
Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server use by making enough connections to exceed the connection limit.
by xynmaps
CVSS 7.5
Razer Chroma SDK < 3.12.17 - Remote Code Execution via Race Condition in App Registration
Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers to execute arbitrary programs because there is a race condition in which a file created under "%PROGRAMDATA%\Razer Chroma\SDK\Apps" can be replaced before it is executed by the server. The attacker must have access to port 54236 for a registration step.
by Loke Hui Yi
CVSS 8.1
SyncBreeze 10.0.28 - 'password' Remote Buffer Overflow
by Abdessalam king
docPrint Pro 8.0 - Stack-based Buffer Overflow via Add URL Input Field
docPrint Pro 8.0 contains a local buffer overflow vulnerability in the 'Add URL' input field that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload that triggers a structured exception handler (SEH) overwrite to execute shellcode and gain remote system access.
by MasterVlad
CVSS 8.4
Boxoft Audio Converter 2.3.0 - '.wav' Buffer Overflow (SEH)
by Luis Martínez
IBM Tivoli Storage Manager Command Line Administrative Interface 5.2.0.1 - 'id' Field Stack-Based Buffer Overflow
by Paolo Stagno
Boxoft Convert Master 1.3.0 - 'wav' SEH Local Exploit
by stresser
M/Monit 3.7.4 - Privilege Escalation
M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standard user account.
by Dolev Farhi
CVSS 8.8
M/Monit 3.7.4 - Authenticated Password Hash Exposure via Admin API Endpoints
M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for all users.
by Dolev Farhi
CVSS 6.5
Gitlab 12.9.0 - Arbitrary File Read (Authenticated)
by Jasper Rasenberg
FortiProxy < 1.2.9 and FortiOS 5.4.1-5.4.10 - Unauthenticated Password Modification via SSL VPN Web Portal
An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests.
by Ricardo Longatto
CVSS 9.1
Genexis Platinum 4410 V2.1 (P4410-V2-1.34H) - Cleartext Sensitive Info via UPnP X_GetAccess
The UPnP service listening on port 5555 in Genexis Platinum 4410 Router V2.1 (P4410-V2-1.34H) has an action 'X_GetAccess' which leaks the credentials of 'admin', provided that the attacker is network adjacent.
by Nitesh Surana
CVSS 6.5