Python Exploits
6,676 exploits tracked across all sources.
AVTECH IP camera, DVR, and NVR Devices - Unauthenticated Authentication Bypass via /nobody URL Path
An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function allows unauthenticated access to any request containing "/nobody" in the URL, bypassing login controls.
by Gergely Eberhardt
AVTECH IP camera - Command Injection
An OS command injection vulnerability exists in AVTECH IP camera, DVR, and NVR devices via the PwdGrp.cgi endpoint, which handles user and group management operations. Authenticated users can supply input through the pwd or grp parameters, which are directly embedded into system commands without proper sanitization. This allows for the execution of arbitrary shell commands with root privileges.
by Gergely Eberhardt
AVTECH DVR-NVR-IP Camera - Command Injection
An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the adcommand.cgi endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the DoShellCmd operation, passing arbitrary input via the strCmd parameter. This input is executed directly by the system shell without sanitization, allowing attackers to execute commands as the root user.
by Gergely Eberhardt
AVTECH IP camera, DVR, and NVR Devices - Unauthenticated OS Command Injection via Search.cgi Parameters
An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-04 UTC.
by Gergely Eberhardt
AVTECH IP camera, DVR, and NVR devices - Authentication Bypass via .cab URL Spoofing
An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function is used to identify ".cab" requests, allowing any URL containing ".cab" to bypass authentication and access protected endpoints.
by Gergely Eberhardt
AVTECH DVR - Server-Side Request Forgery
A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests from the DVR to internal or external systems, potentially exposing sensitive data or interacting with internal services.
by Gergely Eberhardt
AVTECH IP cameras, DVR, and NVR devices - Cross-Site Request Forgery
A cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated user’s browser session, allow unauthorized changes to the device configuration without user interaction.
by Gergely Eberhardt
AVTECH IP Camera, NVR, and DVR Devices - Authenticated OS Command Injection via CloudSetup.cgi exefile Parameter
AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The `exefile` parameter in CloudSetup.cgi is passed to the underlying system command execution without proper validation or whitelisting. An authenticated attacker who can invoke this endpoint can supply crafted input to execute arbitrary system commands as root. Successful exploitation grants full control of the device, and - depending on deployment and whether the device stores credentials or has network reachability to internal systems - may enable credential theft, lateral movement, or data exfiltration. The archived SEARCH-LAB disclosure implies that this vulnerability was remediated in early 2017, but AVTECH has not defined an affected version range.
by Gergely Eberhardt
Persistent Systems Radia Client Automation <9.1 - RCE
radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465.
by SlidingWindow
VX Search Enterprise 9.0.26 - 'Login' Remote Buffer Overflow
by Tulpa
Sync Breeze Enterprise 8.9.24 - 'Login' Remote Buffer Overflow
by Tulpa
Dup Scout Enterprise 9.0.28 - 'Login' Remote Buffer Overflow
by Tulpa
Disk Sorter Enterprise 9.0.24 - 'Login' Remote Buffer Overflow
by Tulpa
Disk Savvy Enterprise 9.0.32 - 'Login' Remote Buffer Overflow
by Tulpa
Oracle Linux < 9.9.9 - Improper Input Validation
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
by Infobyte
CVSS 7.5
Disk Pulse Enterprise <9.0.34 - Buffer Overflow
A stack-based buffer overflow vulnerability exists in the login functionality of Disk Pulse Enterprise version 9.0.34. An attacker can send a specially crafted HTTP POST request to the /login endpoint with an overly long username parameter, causing a buffer overflow in the libspp.dll component. Successful exploitation allows arbitrary code execution with SYSTEM privileges.
by Tulpa
Grandstream GXV3611_HD Firmware < 1.0.3.6 - SQL Injection via TELNET Username
SQL injection vulnerability on the Grandstream GXV3611_HD camera with firmware before 1.0.3.9 beta allows remote attackers to execute arbitrary SQL commands by attempting to establish a TELNET session with a crafted username.
by pizza1337
VideoLAN VLC Media Player 2.2.1 - Buffer Overflow
by sultan albalawi
EKG Gadu 1.9 Local Buffer Overflow via Username Parameter
EKG Gadu 1.9~pre+r2855-3+b1 contains a local buffer overflow vulnerability in the username handling that allows local attackers to execute arbitrary code by supplying an oversized username string. Attackers can trigger the overflow in the strlcpy function by passing a crafted buffer exceeding 258 bytes to overwrite the instruction pointer and execute shellcode with user privileges.
by Juan Sacco
CVSS 8.4
Cisco ASA 9.2(3) - 'EXTRABACON' Authentication Bypass
by Sean Dillon
PrivateTunnel Client 2.7.0 (x64) - Local Credentials Disclosure
by Yakir Wizman
Cherry Music <0.36.0 - Path Traversal
Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download."
by feedersec
CVSS 4.3