Python Exploits
5,737 exploits tracked across all sources.
Zyxel NAS326 <V5.21(AAZF.17)C0 - Command Injection
** UNSUPPORTED WHEN ASSIGNED **
The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.
by Pommaq
Poultry Farm Management System v1.0 - Remote Code Execution (RCE)
by Jerry Thomas
Solarwinds Platform < 2024.2 - Race Condition
The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web console.
by Elhussain Fathy
CVSS 6.4
Windows Wi-Fi Driver - RCE
Windows Wi-Fi Driver Remote Code Execution Vulnerability
by 52by
PHP < 8.3.8 - Remote Code Execution (Unauthenticated) (Windows)
by Yesith Alvarez
react-pdf - RCE
react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with `isEvalSupported` set to `true` (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in 7.7.3 and 8.0.2.
by LOURC0D3
Progress Telerik Report Server - Insecure Deserialization
In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability.
by sinsinology
IIS 6.0 - Buffer Overflow
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.
by BasyacatX
Malicious Git HTTP Server For CVE-2017-1000117
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
by BasyacatX
Wbce Cms - Unrestricted File Upload
WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter.
by Ahmet Ümit BAYRAM
CVSS 8.8
S9Y Serendipity - Unrestricted File Upload
Serendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload mechanism by creating a PHP shell with a command execution form that enables arbitrary system command execution on the web server.
by Ahmet Ümit BAYRAM
CVSS 7.2
Dotclear - Unrestricted File Upload
Dotclear 2.29 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload process by crafting a PHP shell with a command execution form to gain system access through the uploaded file.
by Ahmet Ümit BAYRAM
CVSS 8.8
Apprain - Unrestricted File Upload
appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows administrative users to upload malicious PHP files through the filemanager upload endpoint. Attackers can leverage authenticated access to generate a web shell with command execution capabilities by uploading a crafted PHP file to the site's uploads directory.
by Ahmet Ümit BAYRAM
CVSS 8.8
Monstra CMS 3.0.4 - Remote Code Execution (RCE)
by Ahmet Ümit BAYRAM
Aquatronica Controller System <= 5.1.6 - Information Disclosure
An information disclosure vulnerability exists in Aquatronica Controller System firmware versions <= 5.1.6 and web interface versions <= 2.0. The tcp.php endpoint fails to restrict unauthenticated access, allowing remote attackers to issue crafted POST requests and retrieve sensitive configuration data, including plaintext administrative credentials. Exploitation of this flaw can lead to full compromise of the system, enabling unauthorized manipulation of connected devices and aquarium parameters.
by LiquidWorm
changedetection < 0.45.20 - Remote Code Execution (RCE)
by Zach Crosman (zcrosman)
Check Point Security Gateway - Information Disclosure (Unauthenticated)
by Yesith Alvarez
Popojicms - Code Injection
PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability that allows administrative users to inject malicious PHP code through the metadata settings endpoint. Attackers can log in and modify the meta content to create a web shell that executes arbitrary system commands through a GET parameter.
by Ahmet Ümit BAYRAM
CVSS 7.2
Backdrop CMS 1.27.1 - Authenticated Remote Command Execution (RCE)
by Ahmet Ümit BAYRAM
Modcluster Mod Proxy Cluster - XSS
A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page.
by Mohamed Mounir Boudjema
CVSS 5.4
ExifTool <12.38 - Command Injection
lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check, leading to command injection.
by cowsecurity
CVSS 7.8
Openbsd Openssh < 7.7 - Race Condition
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
by cowsecurity
CVSS 5.3
SofaWiki 3.9.2 - Remote Command Execution (RCE) (Authenticated)
by Ahmet Ümit BAYRAM
By Source