Python Exploits
6,652 exploits tracked across all sources.
Fastweb Askey RTV1907VW Firmware 0.00.81_FW_200_Askey - OS Command Injection via USB Remove Service Mount Parameter
An issue was discovered on Fastweb Askey RTV1907VW 0.00.81_FW_200_Askey 2018-10-02 18:08:18 devices. By using the usb_remove service through an HTTP request, it is possible to inject and execute a command between two & characters in the mount parameter.
by Riccardo Gasparini
CVSS 9.8
Technicolor TC7300.B0 - 'hostname' Persistent Cross-Site Scripting
by Luis Santana
Control Center PRO 6.2.9 - Buffer Overflow
Control Center PRO 6.2.9 contains a stack-based buffer overflow vulnerability in the user creation module's username field that allows attackers to overwrite Structured Exception Handler (SEH). Attackers can craft a malicious payload exceeding 664 bytes to inject shellcode and potentially execute arbitrary code on vulnerable Windows systems.
by sasaga92
CVSS 8.4
Confluence Server 6.15.1 - Path Traversal and Remote Code Execution
Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center. All versions of Confluence Server from 2.0.0 before 6.6.13 (the fixed version for 6.6.x), from 6.7.0 before 6.12.4 (the fixed version for 6.12.x), from 6.13.0 before 6.13.4 (the fixed version for 6.13.x), from 6.14.0 before 6.14.3 (the fixed version for 6.14.x), and from 6.15.0 before 6.15.2 are affected by this vulnerability.
by max7253
CVSS 8.8
Prima Systems FlexAir <2.3.38 - Command Injection
Prima Systems FlexAir, Versions 2.3.38 and prior. The application incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component, which could allow attackers to execute commands directly on the operating system.
by LiquidWorm
CVSS 7.2
Optergy Enterprise and Proton < 2.3.0a - Remote Root Code Execution via Backdoor Console
Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console.
by LiquidWorm
CVSS 9.8
Prima Systems FlexAir <2.3.38 - Auth Bypass
Prima Systems FlexAir, Versions 2.3.38 and prior. The application allows improper authentication using the MD5 hash value of the password, which may allow an attacker with access to the database to login as admin without decrypting the password.
by LiquidWorm
CVSS 8.8
Linear eMerge E3-Series - Command Injection
Linear eMerge E3-Series devices allow Command Injections.
by LiquidWorm
CVSS 9.8
Linear eMerge E3-Series - Unrestricted File Upload
Linear eMerge E3-Series devices allow Unrestricted File Upload.
by LiquidWorm
CVSS 10.0
Linear eMerge E3-Series Firmware < 1.00-06 - Remote Code Execution via Hard-coded SSH Credentials
Linear eMerge E3-Series devices allow Remote Code Execution (root access over SSH).
by LiquidWorm
CVSS 9.8
Schben Adive < 2.0.7 - Privilege Escalation via User Addition
Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account via admin/user/add, as demonstrated by a Python PoC script.
by Pablo Santiago
CVSS 8.8
Jenkins build-metrics < 1.3 - Reflected Cross-Site Scripting
A reflected cross-site scripting vulnerability in Jenkins build-metrics Plugin allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin.
by vesche
CVSS 6.1
FileOptimizer 14.00.2524 - Denial of Service via TempDirectory Parameter Overwrite
FileOptimizer 14.00.2524 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the FileOptimizer32.ini configuration file. Attackers can overwrite the TempDirectory parameter with a 5000-character buffer to cause the application to crash when opening options.
by SYANiDE
CVSS 7.5
Ayukov NFTP client 1.71 - Stack-based Buffer Overflow via SYST Command
Ayukov NFTP client 1.71 contains a buffer overflow vulnerability in the SYST command handling that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted SYST command with oversized payload to trigger a buffer overflow and execute a bind shell on port 5150.
by SYANiDE
CVSS 9.8
Aida64 Engineer 6.10.5200 - Buffer Overflow
Aida64 Engineer 6.10.5200 contains a buffer overflow vulnerability in the CSV logging configuration that allows attackers to execute malicious code by crafting a specially designed payload. Attackers can exploit the vulnerability by creating a malformed log file with carefully constructed SEH (Structured Exception Handler) overwrite techniques to achieve remote code execution.
by daejinoh
CVSS 9.8
ClamAV/ClamBC < 0.103.0-rc - Code Injection via ClamBC Bytecode Function Name Manipulation
ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious bytecode or cause unexpected behavior in the ClamAV engine.
by anonymous
CVSS 8.4
Apache Solr 5.0.0-8.3.1 - Remote Code Execution via Velocity Template Injection
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).
by @l3x_wong
CVSS 7.5
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer Overflow
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers can craft a malicious payload of 6000 bytes to trigger a bind shell on port 4444 by exploiting a stack-based buffer overflow in the application's input handling.
by 4ll4u
CVSS 9.8
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer Overflow
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to crash the application by providing an oversized license input. Attackers can generate a 6000-byte payload and paste it into the 'License Name and License Code' field to trigger an application crash.
by Nithoshitha S
CVSS 7.5
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer Overflow
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers can craft a malicious payload of 6000 bytes to trigger a bind shell on port 4444 by exploiting a stack-based buffer overflow in the application's input handling.
by Nithoshitha S
CVSS 9.8
MailCarrier 2.51 - Remote Code Execution via POP3 USER Command Buffer Overflow
MailCarrier 2.51 contains a buffer overflow vulnerability in the POP3 USER command that allows remote attackers to execute arbitrary code. Attackers can send a crafted oversized buffer to the POP3 service, overwriting memory and potentially gaining remote system access.
by Lance Biggerstaff
CVSS 9.8
Microsoft Windows Group Policy - Security Feature Bypass via Spoofed Domain-Controller Responses
The Group Policy Security Configuration policy implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows man-in-the-middle attackers to disable a signing requirement and trigger a revert-to-default action by spoofing domain-controller responses, aka "Group Policy Security Feature Bypass Vulnerability."
by Thomas Zuk
Microsoft Windows - Remote Code Execution via UNC Share Authentication Bypass
The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not include authentication from the server to the client, which allows remote attackers to execute arbitrary code by making crafted data available on a UNC share, as demonstrated by Group Policy data from a spoofed domain controller, aka "Group Policy Remote Code Execution Vulnerability."
by Thomas Zuk
By Source