Python Exploits

5,916 exploits tracked across all sources.

CVE-2017-2741 EXPLOITDB CRITICAL python
HP PageWide/OfficeJet Pro <1708D - RCE
A potential security vulnerability has been identified with HP PageWide Printers, HP OfficeJet Pro Printers, with firmware before 1708D. This vulnerability could potentially be exploited to execute arbitrary code.
by Jacob Baines
CVSS 9.8
EIP-2026-117096 EXPLOITDB python
Easy MOV Converter 1.4.24 - 'Enter User Name' Local Buffer Overflow (SEH)
by abatchy17
EIP-2026-118464 EXPLOITDB python
Easy File Sharing Web Server 7.2 - 'POST' Remote Buffer Overflow
by Touhid M.Shaikh
EIP-2026-117045 EXPLOITDB python
Disk Pulse 9.7.26 - 'Add Directory' Local Buffer Overflow
by abatchy17
EIP-2026-117982 EXPLOITDB python
Sync Breeze 9.7.26 - 'Add Exclude Directory' Local Buffer Overflow
by abatchy17
EIP-2026-117057 EXPLOITDB python
DiskBoss 8.0.16 - 'Input Directory' Local Buffer Overflow
by abatchy17
EIP-2026-103160 EXPLOITDB python
Logpoint < 5.6.4 - Root Remote Code Execution
by agix
EIP-2026-117050 EXPLOITDB python
Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow
by abatchy17
CVE-2017-4914 EXPLOITDB CRITICAL python VERIFIED
VMware VDP <6.1 - Deserialization
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance.
by Kelly Correll
CVSS 9.8
CVE-2017-20226 EXPLOITDB HIGH python
Mapscrn 2.0.3 Stack-Based Buffer Overflow
Mapscrn 2.0.3 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized input buffer. Attackers can craft a malicious buffer with junk data, return address, NOP instructions, and shellcode to overflow the stack and achieve code execution or denial of service.
by Juan Sacco
CVSS 8.4
CVE-2017-9757 EXPLOITDB HIGH python VERIFIED
IPFire 2.19 - Command Injection
IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a shell. This can be exploited directly by authenticated users, or through CSRF.
by 0x09AL
CVSS 8.8
CVE-2017-9557 EXPLOITDB HIGH python VERIFIED
EFS Software Easy Chat Server <3.1 - Info Disclosure
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response.
by Aitezaz Mohsin
CVSS 7.5
CVE-2017-9544 EXPLOITDB CRITICAL python VERIFIED
EFS Software Easy Chat Server <3.1 - Buffer Overflow
There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering the user, an attacker may be able to execute arbitrary code.
by Aitezaz Mohsin
CVSS 9.8
CVE-2017-9543 EXPLOITDB HIGH python VERIFIED
EFS Software Easy Chat Server <3.1 - RCE
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to reset arbitrary passwords via a crafted POST request to registresult.htm.
by Aitezaz Mohsin
CVSS 7.5
EIP-2026-102092 EXPLOITDB python
Uniview NVR - Password Disclosure
by B1t
CVE-2016-3087 EXPLOITDB CRITICAL python
Apache Struts < 2.3.20.3 - Improper Input Validation
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.
by nixawk
CVSS 9.8
CVE-2025-34035 EXPLOITDB CRITICAL python
EnGenius EnShare Cloud Service <1.4.11 - Command Injection
An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected commands are executed with root privileges, leading to full system compromise. Exploitation evidence was observed by the Shadowserver Foundation on 2024-12-05 UTC.
by LiquidWorm
CVSS 9.8
EIP-2026-115148 EXPLOITDB python VERIFIED
Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow (PoC)
by n3ckD_
CVE-2025-34098 EXPLOITDB HIGH python
Riverbed SteelHead VCX <9.6.0a - Path Traversal
A path traversal vulnerability exists in Riverbed SteelHead VCX appliances (confirmed in VCX255U 9.6.0a) due to improper input validation in the log filtering functionality exposed via the management web interface. An authenticated attacker can exploit this flaw by submitting crafted filter expressions to the log_filter endpoint using the filterStr parameter. This input is processed by a backend parser that permits execution of file expansion syntax, allowing the attacker to retrieve arbitrary system files via the log viewing interface.
by Gregory Draperi
CVE-2017-20225 EXPLOITDB CRITICAL python
TiEmu 2.08 Stack-Based Buffer Overflow Vulnerability
TiEmu 2.08 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can trigger the overflow through command-line arguments passed to the application, leveraging ROP gadgets to bypass protections and execute shellcode in the application context.
by Juan Sacco
CVSS 9.8
EIP-2026-112601 EXPLOITDB python
TerraMaster F2-420 NAS TOS 3.0.30 - Root Remote Code Execution
by Simone Margaritelli
EIP-2026-102090 EXPLOITDB python
uc-http Daemon - Local File Inclusion / Directory Traversal
by Project Insecurity
CVE-2016-20049 EXPLOITDB CRITICAL python
JAD 1.5.8e-1kali1 Stack-Based Buffer Overflow Remote Code Execution
JAD 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries. Attackers can craft malicious input strings exceeding 8150 bytes to overflow the stack, overwrite return addresses, and execute shellcode in the application context.
by Juan Sacco
CVSS 9.8
EIP-2026-116212 EXPLOITDB python VERIFIED
Sandboxie 5.18 - Local Denial of Service
by ScrR1pTK1dd13
EIP-2026-117077 EXPLOITDB python
Dup Scout Enterprise 9.7.18 - '.xml' Local Buffer Overflow
by ScrR1pTK1dd13