Python Exploits

5,911 exploits tracked across all sources.

CVE-2018-6180 EXPLOITDB CRITICAL python
Online Voting System 1.0 - Info Disclosure
A flaw in the profile section of Online Voting System 1.0 allows an unauthenticated user to set an arbitrary password for other accounts.
by Giulio Comi
CVSS 9.8
CVE-2018-6389 EXPLOITDB HIGH python
WordPress < 4.9.2 - Denial of Service
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.
by Barak Tawily
CVSS 7.5
CVE-2017-12542 EXPLOITDB CRITICAL python
HP Integrated Lights-out 4 Firmware < 2.53 - Authentication Bypass
An authentication bypass and code execution vulnerability was found in HPE Integrated Lights-out 4 (iLO 4) versions prior to 2.53.
by skelsec
CVSS 10.0
CVE-2018-2636 EXPLOITDB HIGH python VERIFIED
Oracle Hospitality Simphony <2.9 - RCE
Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Security). Supported versions that are affected are 2.7, 2.8 and 2.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
by Dmitry Chastuhin
CVSS 8.1
CVE-2018-6537 EXPLOITDB CRITICAL python
Flexense Syncbreeze - Memory Corruption
A buffer overflow vulnerability in the control protocol of Flexense SyncBreeze Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9121.
by Daniel Teixeira
CVSS 9.8
EIP-2026-101288 EXPLOITDB python
Geovision Inc. IP Camera & Video - Remote Command Execution
by bashis
CVE-2016-5063 EXPLOITDB MEDIUM python
BMC Server Automation < 8.6 - Improper Authorization
The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vectors.
by Paul Taylor
CVSS 5.3
CVE-2017-16716 EXPLOITDB CRITICAL python
WebAccess <8.3 - SQL Injection
A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not properly sanitize its inputs for SQL commands.
by Chris Lyne
CVSS 9.8
EIP-2026-115535 EXPLOITDB python
LabF nfsAxe 3.7 TFTP Client - Local Buffer Overflow
by Miguel Mendez Z
EIP-2026-104131 EXPLOITDB python
Werkzeug - 'Debug Shell' Command Execution
by Ali BawazeEer
EIP-2026-103233 EXPLOITDB python VERIFIED
Trend Micro Threat Discovery Appliance 2.6.1062r1 - 'dlp_policy_upload.cgi' Remote Code Execution
by mr_me
CVE-2016-1542 EXPLOITDB HIGH python
BMC BladeLogic Server Automation <8.7 - Auth Bypass
The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and enumerate users by sending an action packet to xmlrpc after an authorization failure.
by Paul Taylor
CVSS 7.5
CVE-2016-1543 EXPLOITDB HIGH python
BMC BladeLogic Server Automation <8.8 - Auth Bypass
The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and reset arbitrary user passwords by sending an action packet to xmlrpc after an authorization failure.
by Paul Taylor
CVSS 7.5
EIP-2026-101529 EXPLOITDB python
ASUS DSL-N14U B1 Router 1.1.2.3_345 - Change Administrator Password
by Víctor Calvo
CVE-2017-11317 EXPLOITDB CRITICAL python
Telerik UI for ASP.NET AJAX < 2016.3.1027 - Weak Encryption
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
by Paul Taylor
CVSS 9.8
CVE-2018-5997 EXPLOITDB CRITICAL python
RAVPower Filehub <2.000.056 - RCE
An issue was discovered in the HTTP Server in RAVPower Filehub 2.000.056. Due to an unrestricted upload feature and a path traversal vulnerability, it is possible to upload a file on a filesystem with root privileges: this will lead to remote code execution as root.
by Daniele Linguaglossa & Stefano Farletti
CVSS 9.8
CVE-2017-9248 EXPLOITDB CRITICAL python
Telerik UI <R2 2017 SP1-10.0.6412.0 - MachineKey Leak
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise.
by Paul Taylor
CVSS 9.8
CVE-2017-11357 EXPLOITDB CRITICAL python
Telerik UI for ASP.NET AJAX < 2020.1.114 - Unrestricted File Upload
Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
by Paul Taylor
CVSS 9.8
CVE-2017-14355 EXPLOITDB HIGH python VERIFIED
HPE Connected Backup <8.8.6 - Privilege Escalation
A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6. The vulnerability could be exploited locally to allow escalation of privilege.
by Peter Lapp
CVSS 7.8
EIP-2026-115844 EXPLOITDB python
MixPad 5.00 - Buffer Overflow
by bzyo
CVE-2018-5319 EXPLOITDB HIGH python
RAVPower FileHub 2.000.056 - Info Disclosure
RAVPower FileHub 2.000.056 allows remote users to steal sensitive information via a crafted HTTP request.
by Daniele Linguaglossa
CVSS 7.5
EIP-2026-101297 EXPLOITDB python
Herospeed - 'TelnetSwitch' Remote Stack Overflow / Overwrite Password / Enable TelnetD
by bashis
EIP-2026-107415 EXPLOITDB python
GitStack 2.3.10 - Remote Code Execution
by Kacper Szurek
CVE-2017-12718 EXPLOITDB HIGH python
Smiths-medical Medfusion 4000 Wireles... - Memory Corruption
A Classic Buffer Overflow issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump does not verify input buffer size prior to copying, leading to a buffer overflow, allowing remote code execution on the target device. The pump receives the potentially malicious input infrequently and under certain conditions, increasing the difficulty of exploitation.
by Scott Gayou
CVSS 8.1