Python Exploits
6,652 exploits tracked across all sources.
phpipam < 1.4 - SQL Injection via Custom Fields Filter Table Parameter
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used.
by Kevin Kirsche
CVSS 9.8
Cisco Small Business 220 Series Smart Switches < 1.1.4.4 - Authenticated Command Injection via Web Management Interface
A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious request to certain parts of the web management interface. To send the malicious request, the attacker needs a valid login session in the web management interface as a privilege level 15 user. Depending on the configuration of the affected switch, the malicious request must be sent via HTTP or HTTPS. A successful exploit could allow the attacker to execute arbitrary shell commands with the privileges of the root user.
by bashis
CVSS 7.2
Mobatek MobaXterm 12.1 Buffer Overflow via Sessions File
Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow vulnerability in the username field of session files that allows remote attackers to execute arbitrary code. Attackers can craft a malicious MobaXterm sessions file with overflow data that triggers the vulnerability when imported and executed, enabling reverse shell execution with user privileges.
by Xavi Beltran
CVSS 9.8
Easy File Sharing Web Server 7.2 - Buffer Overflow
Easy File Sharing Web Server 7.2 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by creating a malicious username. Attackers can craft a username with a payload containing 4059 bytes of padding followed by a nseh value and seh pointer to trigger the overflow when adding a new user account.
by x00pwn
CVSS 8.4
File Sharing Wizard 1.5.0 - Buffer Overflow
File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Exception Handler (SEH) based buffer overflow in an HTTP POST parameter, a similar issue to CVE-2010-2330 and CVE-2010-2331.
by x00pwn
CVSS 9.8
DeviceViewer 3.12.0.1 - 'creating user' Denial of Service
by x00pwn
pfSense 2.3.4-2.4.4-p3 - Remote Code Execution via pfsense.exec_php MethodCall
pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php call containing shell metacharacters in a parameter value.
by Nassim Asrir
CVSS 8.8
InputMapper 1.6.10 - Buffer Overflow
InputMapper 1.6.10 contains a buffer overflow vulnerability in the username field that allows local attackers to crash the application by entering an excessively long string. Attackers can trigger a denial of service by copying a large payload into the username field and double-clicking to process it, causing the application to crash.
by elkoyote07
CVSS 5.5
HPE Intelligent Management Center PLAT < 7.3 E0506P09 - Information Disclosure
A disclosure of information vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
by Lazy Hacker
CVSS 5.3
vBulletin 5.x /ajax/render/widget_tabbedcontainer_tab_panel PHP remote code execution.
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
by anonymous
CVSS 9.8
Verypdf docPrint Pro 8.0 - Buffer Overflow
Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized alphanumeric encoded payload in the User Password or Master Password fields. Attackers can craft a malicious payload with encoded shellcode and SEH chain manipulation to bypass protections and execute a MessageBox proof-of-concept when the password fields are processed during PDF encryption.
by Connor McGarr
CVSS 8.4
Folder Lock 7.7.9 - Buffer Overflow
Folder Lock 7.7.9 contains a buffer overflow vulnerability in the serial number registration field that allows local attackers to crash the application by submitting an oversized payload. Attackers can paste a 6000-byte buffer of arbitrary data into the 'Serial Number and Registration Key' field to trigger a denial of service condition.
by Achilles
CVSS 6.2
eWON Firmware 12.2-13.0 - Auth Bypass
eWON Firmware versions 12.2 to 13.0 contain an authentication bypass vulnerability that allows attackers with minimal privileges to retrieve sensitive user data by exploiting the wsdReadForm endpoint. Attackers can send POST requests to /wrcgi.bin/wsdReadForm with base64-encoded partial credentials and a crafted wsdList parameter to extract encrypted passwords for all users, which can be decrypted using a hardcoded XOR key.
by Photubias
CVSS 7.5
Epross AVCON6 - Unauthenticated Remote Code Execution via OGNL Injection in Login Action
Epross AVCON6 systems management platform contains an object-graph navigation language (OGNL) injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by injecting malicious OGNL expressions. Attackers can send crafted requests to the login.action endpoint with OGNL payloads in the redirect parameter to instantiate ProcessBuilder objects and execute system commands with root privileges.
by Nassim Asrir
CVSS 9.8
NETSAS Enigma NMS <65.0.0 - Command Injection
An OS command injection vulnerability in the discover_and_manage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ip_address variable within an snmp_browser action.
by xerubus
CVSS 9.8
Microsoft Windows NTFS - Privileged File Access Enumeration
by hyp3rlinx
Pulse Secure <9.0R3.4-5.1R15.1 - Authenticated Command Injection
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands.
by Justin Wagner
CVSS 7.2
FusionPBX 4.4.8 - Authenticated Remote Code Execution via service_edit.php Command Injection
FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service_edit.php file (which will insert the malicious command into the database). To trigger the command, one needs to call the services.php file via a GET request with the service id followed by the parameter a=start to execute the stored command.
by Askar
CVSS 8.8
Microsoft Windows - 'WSReset' UAC Protection Bypass (Registry)
by valen
SQL Server Password Changer 1.90 - Buffer Overflow
SQL Server Password Changer 1.90 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can inject 6000 bytes of data into the User Name and Registration Code field to trigger a denial of service condition.
by Velayutham Selvaraj_ Praveen Thiyagarayam
CVSS 6.2
Easy MP3 Downloader 4.7.8.8 - Buffer Overflow
Easy MP3 Downloader 4.7.8.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long unlock code. Attackers can generate a file containing 6000 'A' characters and paste the contents into the Unlock Code field during application startup to trigger a denial of service condition.
by Mohan Ravichandran_ Snazzy Sanoj
CVSS 6.2
By Source