Python Exploits
5,916 exploits tracked across all sources.
Intel Security VSEL <2.0.3 - Auth Bypass
Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows a remote unauthenticated attacker to bypass server authentication via a crafted authentication cookie.
by Andrew Fasano
CVSS 8.1
Intel Security VSEL <2.0.3 - RCE
Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows a remote unauthenticated attacker to execute arbitrary code or cause a denial of service via a crafted authentication cookie.
by Andrew Fasano
CVSS 7.5
Intel Security VirusScan Enterprise Linux <2.0.3 - RCE
Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof the update server and execute arbitrary code via a crafted input file.
by Andrew Fasano
CVSS 5.0
Intel Security VirusScan Enterprise Linux <2.0.3 - Code Injection
Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter.
by Andrew Fasano
CVSS 8.0
Intel Security VSEL <2.0.3 - XSS
Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script or HTML via a crafted user input.
by Andrew Fasano
CVSS 6.1
Intel Security VSEL <2.0.3 - CSRF
Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a crafted user input.
by Andrew Fasano
CVSS 4.3
Intel Security VSEL <2.0.3 - Code Injection
Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user input.
by Andrew Fasano
CVSS 4.1
Intel Security VirusScan Enterprise Linux <2.0.3 - Info Disclosure
Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a URL parameter.
by Andrew Fasano
CVSS 3.4
Intel Security VSEL <2.0.3 - Info Disclosure
SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request parameter.
by Andrew Fasano
CVSS 6.2
Apache HTTP Server 2.4.17-2.4.23 - DoS
The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.
by Jungun Baek
CVSS 7.5
OpenSSL - Improper Access Control
In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS.
by Silverfox
CVSS 7.5
10-Strike Network File Search Pro 2.3 - Local Buffer Overflow (SEH)
by malwrforensics
Splunk Enterprise 6.4.3 - Server-Side Request Forgery
by Security-Assessment.com
OpenSSH <7.3 - DoS
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
by SecPod Research
CVSS 7.5
Microsoft Windows 10 (x86/x64) - WLAN AutoConfig Denial of Service (PoC)
by Jeremy Brown
DiskBoss Enterprise <8.2.14 - Buffer Overflow
A stack-based buffer overflow vulnerability exists in the built-in web interface of DiskBoss Enterprise versions 7.4.28, 7.5.12, and 8.2.14. The vulnerability arises from improper bounds checking on the path component of HTTP GET requests. By sending a specially crafted long URI, a remote unauthenticated attacker can trigger a buffer overflow, potentially leading to arbitrary code execution with SYSTEM privileges on vulnerable Windows hosts.
by vportal
Dup Scout Enterprise 9.1.14 - Remote Buffer Overflow (SEH)
by vportal
Alcatel-Lucent OmniVista 8770 Network... - Authentication Bypass
Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs interfaces, which can be queried using the GIOP protocol on TCP port 30024. An attacker can bypass authentication, and OmniVista invokes methods (AddJobSet, AddJob, and ExecuteNow) that can be used to run arbitrary commands on the server, with the privilege of NT AUTHORITY\SYSTEM on the server. NOTE: The discoverer states "The vendor position is to refer to the technical guidelines of the product security deployment to mitigate this issue, which means applying proper firewall rules to prevent unauthorised clients to connect to the OmniVista server."
by malerisch
CVSS 9.8
BlackStratus LOGStorm 4.5.1.35/4.5.1.96 - Remote Code Execution
by Jeremy Brown
Disk Savvy Enterprise 9.1.14 - 'GET' Remote Buffer Overflow
by vportal