Python Exploits

5,911 exploits tracked across all sources.

EIP-2026-116573 EXPLOITDB python
WM Recorder 16.8.1 - Denial of Service
by bzyo
EIP-2026-115183 EXPLOITDB python
Easy Avi Divx Xvid to DVD Burner 2.9.11 - '.avi' Denial of Service
by Hashim Jawad
EIP-2026-115182 EXPLOITDB python
Easy Avi Divx Xvid to DVD Burner 2.9.11 - '.avi' Denial of Service
by Hashim Jawad
EIP-2026-104688 EXPLOITDB python
XenForo 2 - CSS Loader Denial of Service
by LockedByte
CVE-2018-1218 EXPLOITDB HIGH python VERIFIED
Dell Emc Networker < 9.1.1.6 - Memory Corruption
In Dell EMC NetWorker versions prior to 9.2.1.1, versions prior to 9.1.1.6, 9.0.x, and versions prior to 8.2.4.11, the 'nsrd' daemon causes a buffer overflow condition when handling certain messages. A remote unauthenticated attacker could potentially exploit this vulnerability to cause a denial of service to the users of NetWorker systems.
by Marek Cybul
CVSS 7.5
CVE-2017-13262 EXPLOITDB MEDIUM python
Google Android - Out-of-Bounds Read
In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing length decrement operation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69271284.
by QuarksLab
CVSS 6.5
CVE-2017-13262 EXPLOITDB MEDIUM python
Google Android - Out-of-Bounds Read
In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing length decrement operation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69271284.
by QuarksLab
CVSS 6.5
CVE-2018-0114 EXPLOITDB HIGH python
Cisco Node-jose < 0.11.0 - Signature Verification Bypass
A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature (JWS) standard for JSON Web Tokens (JWTs). This standard specifies that a JSON Web Key (JWK) representing a public key can be embedded within the header of a JWS. This public key is then trusted for verification. An attacker could exploit this by forging valid JWS objects by removing the original signature, adding a new public key to the header, and then signing the object using the (attacker-owned) private key associated with the public key embedded in that JWS header.
by zioBlack
CVSS 7.5
EIP-2026-103184 EXPLOITDB python
OpenSSH < 6.6 SFTP - Command Execution
by SECFORCE
EIP-2026-102623 EXPLOITDB python
Kamailio 5.1.1 / 5.1.0 / 5.0.0 - Off-by-One Heap Overflow
by EnableSecurity
CVE-2018-9010 EXPLOITDB HIGH python
Intelbras Tip200 Firmware - Path Traversal
Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote authenticated admins to read arbitrary files via the /cgi-bin/cgiServer.exx page parameter, aka absolute path traversal. In some cases, authentication can be achieved via the admin account with its default admin password.
by anhax0r
CVSS 7.2
CVE-2018-6328 EXPLOITDB CRITICAL python
Kaseya Unitrends Backup < 10.1 - Authentication Bypass
It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an authentication bypass, which then could allow an unauthenticated user to inject arbitrary commands into its /api/hosts parameters using backquotes.
by Jared Arave
CVSS 9.8
CVE-2018-6329 EXPLOITDB CRITICAL python
Unitrends Backup < 10.1.10 - SQL Injection
It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL injection, allowing a remote attacker to place a privilege escalation exploit on the target system and subsequently execute arbitrary commands.
by Jared Arave
CVSS 9.8
CVE-2018-7445 EXPLOITDB CRITICAL python
Mikrotik Routeros < 6.41.3 - Memory Corruption
A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable.
by CoreLabs
CVSS 9.8
CVE-2018-2380 EXPLOITDB MEDIUM python
SAP Customer Relationship Management - Path Traversal
SAP CRM, 7.01, 7.02, 7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
by erp scan team
CVSS 6.6
CVE-2018-25222 EXPLOITDB HIGH python
SC 7.16 - Stack Buffer Overflow Local Code Execution
SC v7.16 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries. Attackers can craft malicious input strings exceeding 1052 bytes to overwrite the instruction pointer and execute shellcode in the application context.
by Juan Sacco
CVSS 8.4
CVE-2017-16720 EXPLOITDB CRITICAL python VERIFIED
WebAccess <8.3.2 - Path Traversal
A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier. An attacker has access to files within the directory structure of the target device.
by Chris Lyne
CVSS 9.8
EIP-2026-114886 EXPLOITDB python
Allok QuickTime to AVI MPEG DVD Converter 3.6.1217 - Buffer Overflow
by Mohan Ravichandran
EIP-2026-101357 EXPLOITDB python
MikroTik RouterOS < 6.38.4 (x86) - 'Chimay Red' Stack Clash Remote Code Execution
by Lorenzo Santina
EIP-2026-101356 EXPLOITDB python
MikroTik RouterOS < 6.38.4 (MIPSBE) - 'Chimay Red' Stack Clash Remote Code Execution
by Lorenzo Santina
CVE-2018-7582 EXPLOITDB HIGH python
Weblogexpert Weblog Expert - Resource Allocation Without Limits
WebLog Expert Web Server Enterprise 9.4 allows Remote Denial Of Service (daemon crash) via a long HTTP Accept Header to TCP port 9991.
by hyp3rlinx
CVSS 7.5
CVE-2018-1000115 EXPLOITDB HIGH python
Memcached <1.5.6 - DoS
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appears to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default.
by 649
CVSS 7.5
EIP-2026-117076 EXPLOITDB python
Dup Scout Enterprise 10.5.12 - 'Share Username' Local Buffer Overflow
by bzyo
EIP-2026-102675 EXPLOITDB python
Memcached 1.5.5 - 'Memcrashed' Insufficient Control Network Message Volume Denial of Service (2)
by Alex Conrey
EIP-2026-117360 EXPLOITDB python VERIFIED
iSumsoft ZIP Password Refixer 3.1.1 - Buffer Overflow
by ScrR1pTK1dd13