Python Exploits

5,738 exploits tracked across all sources.

EIP-2026-106265 EXPLOITDB python
CSZ CMS Version 1.3.0 - Authenticated Remote Command Execution
by tmrswrr
EIP-2026-101760 EXPLOITDB python
GLiNet - Router Authentication Bypass
by Daniele Linguaglossa
CVE-2024-58275 EXPLOITDB HIGH python
Easywall 0.3.1 - Command Injection
Easywall 0.3.1 allows authenticated remote command execution via a command injection vulnerability in the /ports-save endpoint that suffers from a parameter injection flaw. Attackers can inject shell metacharacters to execute arbitrary commands on the server.
by Melvin Mejia
EIP-2026-105602 EXPLOITDB python
Boss Mini 1.4.0 - local file inclusion
by nltt0
EIP-2026-103761 EXPLOITDB python
A-PDF All to MP3 Converter 2.0.0 - DEP Bypass via HeapCreate + HeapAlloc
by George Washington
EIP-2026-101477 EXPLOITDB python
TitanNit Web Control 2.01 / Atemio 7600 - Root Remote Code Execution
by LiquidWorm
CVE-2023-46454 EXPLOITDB CRITICAL python
GL.iNET GL-AR300M <4.3.7 - Command Injection
In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality.
by cyberaz0r
CVSS 9.8
CVE-2023-46455 EXPLOITDB HIGH python
GL.iNET GL-AR300M <4.3.7 - Path Traversal
In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality.
by cyberaz0r
CVSS 7.5
CVE-2023-46456 EXPLOITDB CRITICAL python
GL.iNET GL-AR300M <3.216 - Command Injection
In GL.iNET GL-AR300M routers with firmware 3.216, it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality.
by cyberaz0r
CVSS 9.8
EIP-2026-114378 EXPLOITDB python
WP Rocket < 2.10.3 - Local File Inclusion (LFI)
by E1 Coders
EIP-2026-113619 EXPLOITDB python
Wordpress Plugin Canto < 3.0.5 - Remote File Inclusion (RFI) and Remote Code Execution (RCE)
by Leopoldo Angulo (leoanggal1)
EIP-2026-106081 EXPLOITDB python
comments-like-dislike < 1.2.0 - Authenticated (Subscriber+) Plugin Setting Reset
by Diaa Hanna
CVE-2024-58305 EXPLOITDB HIGH python
WonderCMS 4.3.2 - XSS
WonderCMS 4.3.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious JavaScript through the module installation endpoint. Attackers can craft a specially designed XSS payload to install a reverse shell module and execute remote commands by tricking an authenticated administrator into accessing a malicious link.
by Anas Zakir
CVSS 8.8
EIP-2026-116586 EXPLOITDB python
XAMPP - Buffer Overflow POC
by Talson
EIP-2026-108090 EXPLOITDB python
JFrog Artifactory < 7.25.4 - Blind SQL Injection
by ardr
EIP-2026-103298 EXPLOITDB python
Metabase 0.46.6 - Pre-Auth Remote Code Execution
by Musyoka Ian
EIP-2026-101122 EXPLOITDB python
DS Wireless Communication - Remote Code Execution
by MikeIsAStar
CVE-2023-38965 EXPLOITDB CRITICAL python
Lost and Found Information System 1.0 - Privilege Escalation
Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI.
by Or4nG.M4N
CVSS 9.8
EIP-2026-119393 EXPLOITDB python
ManageEngine ADManager Plus Build < 7183 - Recovery Password Disclosure
by Metin Yunus Kandemir
EIP-2026-114299 EXPLOITDB python
Wordpress Seotheme - Remote Code Execution Unauthenticated
by Milad karimi
EIP-2026-113479 EXPLOITDB python
Wordpress Augmented-Reality - Remote Code Execution Unauthenticated
by Milad karimi
EIP-2026-101358 EXPLOITDB python
Milesight Routers UR5X_ UR32L_ UR32_ UR35_ UR41 - Credential Leakage Through Unprotected System Logs and Weak Password Encryption
by Bipin Jitiya
CVE-2024-58299 EXPLOITDB CRITICAL python
PCMan FTP Server 2.0 - RCE
PCMan FTP Server 2.0 contains a buffer overflow vulnerability in the 'pwd' command that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted payload during the FTP login process to overwrite memory and potentially gain system access.
by Waqas Ahmed Faroouqi
CVSS 9.8
EIP-2026-108936 EXPLOITDB python
Juniper-SRX-Firewalls&EX-switches - (PreAuth-RCE) (PoC)
by whiteOwl
EIP-2026-101712 EXPLOITDB python
Electrolink FM/DAB/TV Transmitter - Remote Authentication Removal
by LiquidWorm