Python Exploits
6,634 exploits tracked across all sources.
Rukovoditel 2.5.2 - Remote Code Execution via Language File Path Traversal
In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution.
by danyx07
CVSS 9.8
BlazeDVD 7.0 Professional - '.plf' Local Buffer Overflow (SEH_ASLR_DEP)
by emalp
CMS Made Simple 2.2.14 - Arbitrary File Upload (Authenticated)
by Luis Noriega
Eibiz i-Media Server Digital Signage 3.8.0 - Privilege Escalation
Eibiz i-Media Server Digital Signage 3.8.0 contains an unauthenticated privilege escalation vulnerability in the updateUser object that allows attackers to modify user roles. Attackers can exploit the /messagebroker/amf endpoint to elevate privileges and take over user accounts by manipulating role settings without authentication.
by LiquidWorm
CVSS 9.8
ASX to MP3 converter 3.1.3.7.2010.11.05 - '.wax' Local Buffer Overflow (DEP_ASLR Bypass) (PoC)
by Paras Bhatia
Mida eFramework <= 2.9.0 - Unauthenticated Remote Code Execution via OS Command Injection
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.
by elbae
CVSS 9.8
.NET Framework, SharePoint Server, and Visual Studio - Remote Code Execution via XML Input Deserialization
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.
by West Shepherd
CVSS 7.8
Artica Web Proxy 4.30.00000000 - SQL Injection
Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php.
by Dan Duffy
CVSS 9.8
QlikView 12.50.20000.0 - Denial of Service via FTP Server Address Input Field
QlikView 12.50.20000.0 contains a denial of service vulnerability in the FTP server address input field that allows local attackers to crash the application. Attackers can paste a 300-character buffer into the FTP server address field to trigger an application crash and prevent normal functionality.
by Luis Martínez
CVSS 6.2
ACTi NVR3 Standard Server 3.0.12.42 - Unauthenticated Denial of Service via Malformed Payload
ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows remote unauthenticated attackers to trigger a buffer overflow and application termination via a malformed payload.
by MegaMagnus
CVSS 7.5
Mocha Telnet Lite for iOS 4.2 - DoS
Mocha Telnet Lite for iOS 4.2 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the user configuration input. Attackers can overwrite the 'User' field with 350 bytes of repeated characters to trigger an application crash and prevent normal functionality.
by Luis Martínez
CVSS 7.5
RTSP for iOS 1.0 - 'IP Address' Denial of Service (PoC)
by Luis Martínez
Pi-hole < 4.3.2 - Authenticated Remote Code Execution via DHCP Static Lease
Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.
by Luis Vacacas
CVSS 7.2
Daily Expenses Management System 1.0 - 'username' SQL Injection
by Daniel Ortiz
BacklinkSpeed 2.4 - Buffer Overflow
BacklinkSpeed 2.4 contains a buffer overflow vulnerability that allows attackers to corrupt the Structured Exception Handler (SEH) chain through malicious file import. Attackers can craft a specially designed payload file to overwrite SEH addresses, potentially executing arbitrary code and gaining control of the application.
by Saeed reza Zamanian
CVSS 9.8
eGroupWare 1.14 - 'spellchecker.php' Remote Command Execution
by Berk KIRAS
Socusoft Photo to Video Converter Professional 8.07 - Buffer Overflow
Socusoft Photo to Video Converter Professional 8.07 contains a local buffer overflow vulnerability in the 'Output Folder' input field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the output folder field to trigger a stack-based buffer overflow and potentially execute shellcode.
by MasterVlad
CVSS 8.4
Port Forwarding Wizard 4.8.0 - Local Buffer Overflow via Register Feature
Port Forwarding Wizard 4.8.0 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code through a long request in the Register feature. Attackers can craft a malicious payload with an egg tag and overwrite SEH handlers to potentially execute shellcode on vulnerable Windows systems.
by Sarang Tumne
CVSS 8.4
Nidesoft DVD Ripper 5.2.18 - Buffer Overflow
Nidesoft DVD Ripper 5.2.18 contains a local buffer overflow vulnerability in the License Code registration parameter that allows attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the License Code field to trigger a stack-based buffer overflow and execute shellcode.
by Felipe Winsnes
CVSS 8.4
Frigate Professional 3.36.0.9 - Buffer Overflow
Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the Pack File feature that allows attackers to execute arbitrary code by overflowing the 'Archive To' input field. Attackers can craft a malicious payload that overwrites the Structured Exception Handler (SEH) and uses an egghunter technique to execute a reverse shell payload.
by MasterVlad
CVSS 8.4
Free MP3 CD Ripper 2.8 - Remote Code Execution via Malicious WAV File
Free MP3 CD Ripper 2.8 contains a stack buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting a malicious WAV file with oversized payload. Attackers can leverage a specially crafted exploit file with shellcode, SEH bypass, and egghunter technique to achieve remote code execution on vulnerable Windows systems.
by Eduard Palisek
CVSS 9.8
SourceCodester Online Course Registration v1.0 - RCE
A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP web-shell that bypasses the image upload filters. An attack uses /Online%20Course%20Registration/my-profile.php with the POST parameter photo.
by boku
CVSS 9.8
Flexsense DiskBoss 7.7.14 - Buffer Overflow
Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Reports and Data Directory' field that allows an attacker to execute arbitrary code on the system.
by MasterVlad
CVSS 7.8
Calavera UpLoader 3.5 - 'FTP Logi' Denial of Service (PoC + SEH Overwrite)
by Felipe Winsnes
ManageEngine Applications Manager 12-13 < 13200 - Unauthenticated SQL Injection via MenuHandlerServlet
ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker could extract users' password hashes, which are MD5 hashes without salt, and, depending on the database type and its configuration, could also execute operating system commands using SQL queries.
by aldorm
CVSS 9.8
By Source