Python Exploits
6,688 exploits tracked across all sources.
Apple Quick Time Player (Windows) 7.7.3 - Out of Bound Read
by Debasish Mandal
SQLiteManager 1.2.4 - Remote PHP Code Injection
by RealGame
Serva 2.0.0 - HTTP Server GET Remote Denial of Service
by Julien Ahrens
Serva 2.0.0 - DNS Server QueryName Remote Denial of Service
by Julien Ahrens
Nagios Core < 3.4.4 / Icinga 1.6.x < 1.6.2, 1.7.x < 1.7.4, 1.8.x < 1.8.4 - Stack-Based Buffer Overflow
Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable.
by blasty
Inmatrix Ltd. Zoom Player 8.5 - '.jpeg'File Memory Corruption / Arbitrary Code Execution
by Debasish Mandal
Belkin N150 N300 N450 N900 Wireless Routers - Predictable WPA2-PSK Passphrase
Belkin wireless routers Surf N150 Model F7D1301v1, N900 Model F9K1104v1, N450 Model F9K1105V2, and N300 Model F7D2301v1 generate a predictable default WPA2-PSK passphrase based on eight digits of the WAN MAC address, which allows remote attackers to access the network by sniffing the beacon frames.
by ZhaoChunsheng
OAstium VoIP PBX astium-confweb-2.1-25399 - Auth Bypass & RCE
A vulnerability exists in OAstium VoIP PBX astium-confweb-2.1-25399 and earlier, where improper input validation in the logon.php script allows an attacker to bypass authentication via SQL injection. Once authenticated as an administrator, the attacker can upload arbitrary PHP code through the importcompany field in import.php, resulting in remote code execution. The malicious payload is injected into /usr/local/astium/web/php/config.php and executed with root privileges by triggering a configuration reload via sudo /sbin/service astcfgd reload. Successful exploitation leads to full system compromise.
by xistence
Ubiquiti AirOS 5.5.2 - (Authenticated) Remote Command Execution
by xistence
Centreon 2.3.3-2.3.9-4 - Authenticated SQL Injection via menuXML.php menu Parameter
SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter.
by modpr0be
Linux kernel < 3.8 - Denial of Service via Btrfs CRC32C Hash Collision
The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (prevention of file creation) by leveraging the ability to write to a directory important to the victim, and creating a file with a crafted name that is associated with a specific CRC32C hash value.
by Pascal Junod
Novell File Reporter <1.0.2 - Path Traversal
Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record.
by Abysssec
FreeFloat FTP Server 1.0.0 - Buffer Overflow
A stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. The server fails to properly validate input passed to the USER command, allowing remote attackers to overwrite memory and potentially execute arbitrary code. The flaw is triggered by sending an overly long username string, which overflows the buffer allocated for user authentication.
by D35m0nd142
CVSS 9.8
Indusoft Web Studio & Advantech Studio <=7.0 - Unauthenticated Path Traversal via NTWebServer.exe
Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in an argument to the sub_401A90 CreateFileW function.
by Nin3
elastix 2.3.0 - Cross-Site Scripting via Page Parameter
Cross-site scripting (XSS) vulnerability in xmlservices/E_book.php in Elastix 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the Page parameter.
by cheki
By Source