Python Exploits
6,637 exploits tracked across all sources.
Bludit 3.9.2 - Remote Code Execution via Image Upload Path Traversal
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.
by Luis Vacacas
CVSS 8.8
Quick Player 1.3 - Buffer Overflow via Malicious .m3l File
Quick Player 1.3 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious .m3l file with carefully constructed payload. Attackers can trigger the vulnerability by loading a specially crafted file through the application's file loading mechanism, potentially enabling remote code execution.
by Felipe Winsnes
CVSS 9.8
Frigate 3 Professional 3.36.0.9 - Local Buffer Overflow via Command Line Input
Frigate 3.36.0.9 contains a local buffer overflow vulnerability in the Command Line input field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload to overflow the buffer, bypass DEP, and execute commands like launching calc.exe through a specially crafted input sequence.
by Paras Bhatia
CVSS 8.4
Online-Exam-System 2015 - SQL Injection
Online-Exam-System 2015 contains a time-based blind SQL injection vulnerability in the feedback form that allows attackers to extract database password hashes. Attackers can exploit the 'feed.php' endpoint by crafting malicious payload requests that use time delays to systematically enumerate user password characters.
by Gus Ralph
CVSS 8.2
Navigate CMS 2.8.7 - Authenticated SQL Injection
Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. Attackers can exploit the vulnerability to extract user activation keys by using time-based blind SQL injection techniques, potentially enabling password reset for administrative accounts.
by Gus Ralph
CVSS 7.1
Ubiquiti AirControl 1.4.2 - Unauthenticated Remote Code Execution via Java Expression Injection in /.seam Endpoint
AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injection. Attackers can exploit the /.seam endpoint by crafting a specially constructed URL with embedded Java expressions to run commands with the application's system privileges.
by 0xd0ff9
CVSS 9.8
Cayin Signage Media Player 3.0 - Command Injection
Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard_system.cgi pages. Attackers can exploit the 'NTP_Server_IP' parameter with default credentials to execute arbitrary shell commands as root.
by LiquidWorm
CVSS 8.8
VMWAre vCloud Director 9.7.0.15498291 - Remote Code Execution
by Tomas Melicher
Windows 10 1903/1909 and Windows Server 1903/1909 - Remote Code Execution via SMBv3 Compression Buffer Overflow
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
by chompie1337
CVSS 10.0
VMware Cloud Director 9.5.0.0-9.5.0.5 - Authenticated Remote Code Execution via Expression Language Injection
VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access.
by aaronsvk
CVSS 8.8
bbPress <2.6.5 - Privilege Escalation
An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled.
by Raphael Karger
CVSS 9.8
QuickBox <2.5.5-2.1.8 - Command Injection
QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 allows an authenticated remote attacker to execute code on the server via command injection in the servicestart parameter.
by s1gh
CVSS 8.8
Crystal Shard http-protection 0.2.0 - SSRF
Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers to bypass protection middleware by manipulating request headers. Attackers can hardcode consistent IP values across X-Forwarded-For, X-Client-IP, and X-Real-IP headers to circumvent security checks and gain unauthorized access.
by Halis Duraki
CVSS 9.8
QNAP QTS and Photo Station 6.0.3 - Remote Command Execution
by Th3GundY
StreamRipper32 <2.6 - Buffer Overflow
StreamRipper32 version 2.6 contains a buffer overflow vulnerability in the Station/Song Section that allows attackers to overwrite memory by manipulating the SongPattern input. Attackers can craft a malicious payload exceeding 256 bytes to potentially execute arbitrary code and compromise the application.
by Andy Bowden
CVSS 9.8
Pi-Hole heisenbergCompensator Blocklist OS Command Execution
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges to root.) The code error is in gravity_DownloadBlocklistFromUrl in gravity.sh.
by Photubias
CVSS 8.8
GoldWave 5.70 - Stack-based Buffer Overflow via File Open URL Dialog
GoldWave 5.70 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting malicious input in the File Open URL dialog. Attackers can generate a specially crafted text file with Unicode-encoded shellcode to trigger a stack-based overflow and execute commands when the file is opened.
by Andy Bowden
CVSS 9.8
Konica Minolta FTP Utility 1.0 - Buffer Overflow
Konica Minolta FTP Utility 1.0 contains a buffer overflow vulnerability in the NLST command that allows attackers to overwrite system registers. Attackers can send an oversized buffer of 1500 'A' characters to crash the FTP server and potentially execute unauthorized code.
by Socket_0x03
CVSS 9.8
Filetto 1.0 - Denial of Service via Oversized FEAT Command
Filetto 1.0 FTP server contains a denial of service vulnerability in the FEAT command processing that allows attackers to crash the service. Attackers can send an oversized FEAT command with 11,008 bytes of repeated characters to trigger a buffer overflow and terminate the FTP service.
by Socket_0x03
CVSS 9.8
VUPlayer 2.49 .m3u - Local Buffer Overflow (DEP_ASLR)
by Gobinathan
Gym Management System 1.0 - Unauthenticated Remote Code Execution
by boku
AbsoluteTelnet 11.21 - 'Username' Denial of Service (PoC)
by Xenofon Vassilakopoulos
CraftCMS 3 vCard Plugin 1.0.0 - Code Injection
CraftCMS 3 vCard Plugin 1.0.0 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary PHP code through a crafted payload. Attackers can generate a malicious serialized payload that triggers remote code execution by exploiting the plugin's vCard download functionality with a specially crafted request.
by Wade Guest
CVSS 9.8
BIND 9.0.0-9.11.17 - Denial of Service via TSIG Key Assertion Failure
Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.
by Teppei Fukuda
CVSS 7.5
By Source