Python Exploits
6,674 exploits tracked across all sources.
OpenText Documentum Content Server < 7.3 - Authenticated Arbitrary File Download via DATA_TICKET Manipulation
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardless of the attacker's repository permissions: When an authenticated user uploads content to the repository, he performs the following steps: (1) calls the START_PUSH RPC-command; (2) uploads the file to the content server; (3) calls the END_PUSH_V2 RPC-command (here, Content Server returns a DATA_TICKET integer, intended to identify the location of the uploaded file on the Content Server filesystem); (4) creates a dmr_content object in the repository, which has a value of data_ticket equal to the value of DATA_TICKET returned at the end of END_PUSH_V2 call. As the result of this design, any authenticated user may create his own dmr_content object, pointing to already existing content in the Content Server filesystem.
by Andrey B. Panfilov
CVSS 4.3
OpenText Documentum Content Server < 7.3 - Authenticated Privilege Escalation via dmr_content Object Manipulation
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server stores information about uploaded files in dmr_content objects, which are queryable and "editable" (before release 7.2P02, any authenticated user was able to edit dmr_content objects; now any authenticated user may delete a dmr_content object and then create a new one with the old identifier) by authenticated users; this allows any authenticated user to replace the content of security-sensitive dmr_content objects (for example, dmr_content related to dm_method objects) and gain superuser privileges.
by Andrey B. Panfilov
CVSS 8.8
TP-Link WR940N Hardware v4 - Authenticated Remote Code Execution via PingIframeRpm.htm or WanStaticIpV6CfgRpm.htm
Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated users to execute arbitrary code via the (1) ping_addr parameter to PingIframeRpm.htm or (2) dnsserver2 parameter to WanStaticIpV6CfgRpm.htm.
by Fidus InfoSecurity
CVSS 8.8
ASX to MP3 Converter 3.1.3.7.2010.11.05 - Buffer Overflow via Crafted M3U File
ASX to MP3 converter 3.1.3.7.2010.11.05 has a buffer overflow via a crafted M3U file, a related issue to CVE-2009-1324.
by Parichay Rai
CVSS 7.8
Flexense VX Search Enterprise 10.1.12 - Remote Code Execution via Buffer Overflow in Long URI
Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer overflow via an empty POST request to a long URI beginning with a /../ substring. This allows remote attackers to execute arbitrary code.
by Revnic Vasile
CVSS 9.8
Apache Tomcat 7.0.0-7.0.81, 8.0.0.RC1-8.0.46, 8.5.0-8.5.22, 9.0.0.M1-9.0.0 - Remote Code Execution via JSP Upload
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
by intx0x80
CVSS 8.1
EmTec PyroBatchFTP < 3.17 - Denial of Service via Buffer Overflow
EmTec PyroBatchFTP before 3.18 allows remote servers to cause a denial of service (application crash).
by Kevin McGuigan
CVSS 7.5
Easy MPEG/AVI/DIVX/WMV/RM to DVD - 'Enter User Name' Local Buffer Overflow (SEH)
by Venkat Rajgor
dnsmasq <2.78 - Buffer Overflow
Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.
by Google Security Research
CVSS 9.8
dnsmasq <2.78 - DoS
Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.
by Google Security Research
CVSS 7.5
dnsmasq <2.78 - DoS
Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.
by Google Security Research
CVSS 7.5
dnsmasq <2.78 - Info Disclosure
dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.
by Google Security Research
CVSS 5.9
dnsmasq <2.78 - Buffer Overflow
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request.
by Google Security Research
CVSS 9.8
dnsmasq < 2.78 - Remote Code Execution via Crafted DNS Response
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
by Google Security Research
CVSS 9.8
Sync Breeze Enterprise 10.0.28 - Remote Buffer Overflow
by Owais Mehtab
Dup Scout Enterprise 10.0.18 - 'Import Command' Local Buffer Overflow
by Touhid M.Shaikh
Trend Micro OfficeScan <11.0 - Memory Corruption
An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and cause memory corruption issues.
by hyp3rlinx
CVSS 9.8
FileRun <2017.09.18 - SQL Injection
FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search function).
by SPARC
CVSS 9.8
Intelbras WRN 150 - Authentication Bypass
Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg containing an admin:language=pt cookie.
by Elber Tavares
CVSS 9.8
DiskBoss Enterprise 8.4.16 - 'Import Command' Local Buffer Overflow
by Touhid M.Shaikh
DiskBoss Enterprise 8.4.16 - Local Buffer Overflow (PoC)
by Touhid M.Shaikh
MikroTik RouterBOARD 6.39.2 and 6.40.5 - Unauthenticated Denial of Service via TCP Port 53
MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an unauthenticated remote attacker to cause a denial of service by connecting to TCP port 53 and sending data that begins with many '\0' characters, possibly related to DNS.
by Mr Bruce
CVSS 7.5
Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, 12.2.1.0 - Remote Code Execution via T3 Protocol Deserialization
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.
by SlidingWindow
CVSS 9.8
By Source