Python Exploits
5,916 exploits tracked across all sources.
Flexense Sysgauge - Memory Corruption
An issue was discovered in SysGauge 1.5.18. A buffer overflow vulnerability in SMTP connection verification leads to arbitrary code execution. The attack vector is a crafted SMTP daemon that sends a long 220 (aka "Service ready") string.
by Peter Baris
CVSS 9.8
Synchro Bbs - Denial of Service
Synchronet BBS 3.16c for Windows allows remote attackers to cause a denial of service (service crash) via a long string in the HTTP Referer header.
by Peter Baris
CVSS 7.5
Netgear Dgn2200 Series Firmware < 10.0.0.50 - OS Command Injection
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077.
by SivertPL
CVSS 8.8
Disksavvy Enterprise - Memory Corruption
Buffer overflow in the built-in web server in DiskSavvy Enterprise 9.4.18 allows remote attackers to execute arbitrary code via a long URI in a GET request.
by Peter Baris
CVSS 9.8
Fibaro Home Center 2 - Remote Command Execution / Privilege Escalation
by forsec
Grails PDF Plugin 0.6 - XML External Entity Injection
by Charles Fol
Netgear Dgn2200 Firmware < 10.0.0.50 - OS Command Injection
ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP POST request.
by SivertPL
CVSS 9.8
ShadeYouVPN Client 2.0.1.11 - Local Privilege Escalation
by Kacper Szurek
BIG-IP - Memory Corruption
A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possible that other data from uninitialized memory may be returned as well.
by @0x00string
CVSS 7.5
CUPS <2.0.3 - Memory Corruption
The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code.
by @0x00string
Microsoft Windows 10 - SMBv3 Tree Connect (PoC)
by laurent gaffie
HelpDeskZ < 1.0.2 - (Authenticated) SQL Injection / Unauthorized File Download
by Mariusz Poplawski
NETGEAR R8500-R8000 - Info Disclosure
An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices. They are prone to password disclosure via simple crafted requests to the web management server. The bug is exploitable remotely if the remote management option is set, and can also be exploited given access to the router over LAN or WLAN. When trying to access the web panel, a user is asked to authenticate; if the authentication is canceled and password recovery is not enabled, the user is redirected to a page that exposes a password recovery token. If a user supplies the correct token to the page /passwordrecovered.cgi?id=TOKEN (and password recovery is not enabled), they will receive the admin password for the router. If password recovery is set the exploit will fail, as it will ask the user for the recovery questions that were previously set when enabling that feature. This is persistent (even after disabling the recovery option, the exploit will fail) because the router will ask for the security questions.
by Trustwave's SpiderLabs
CVSS 8.1
Autodesk Backburner Manager 3 < 2016.0.0.2150 - Null Dereference Denial of Service
by b0nd
Oracle Jdk - Improper Input Validation
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts).
by ERPScan
CVSS 9.0
Joomla! < 3.6.4 - Improper Access Control
An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a user to gain access to a registered user's account and reset the user's group mappings, username, and password, as demonstrated by submitting a form that targets the `registration.register` task.
by Charles Fol
CVSS 7.5
Joomla! < 2.5.3 - Improper Privilege Management
Joomla! before 2.5.3 allows Admin Account Creation.
by Charles Fol
CVSS 7.5
SentryHD 02.01.12e - Local Privilege Escalation
by Kacper Szurek
iSelect 1.4.0-2+b1 Local Buffer Overflow via key parameter
iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized value to the -k/--key parameter. Attackers can craft a malicious argument containing a NOP sled, shellcode, and return address to overflow a 1024-byte stack buffer and gain code execution with user privileges.
by Juan Sacco
CVSS 8.4
By Source