Python Exploits
5,750 exploits tracked across all sources.
Oracle WebLogic Server - Info Disclosure
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-3586.
by Y5neKO
Oracle Virtual Desktop Infrastructure - Insecure Deserialization
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.
by Y5neKO
Oracle WebLogic Server <10.3.6.0 - Info Disclosure
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services.
by Y5neKO
6 stars
Phpmyadmin < 3.3.10.2 - Code Injection
libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a "remote variable manipulation vulnerability."
by Y5neKO
6 stars
WordPress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection (2)
by Mohin Paramasivam
Smartftp - Resource Allocation Without Limits
SmartFTP Client 10.0.2909.0 contains multiple denial of service vulnerabilities that allow attackers to crash the application through specific input manipulation. Attackers can trigger crashes by entering malformed paths, using invalid IP addresses, or clearing connection history in the client's interface.
by Eric Salario
CVSS 7.5
Patient Appointment Scheduler System 1.0 - Unauthenticated File Upload
by a-rey
Patient Appointment Scheduler System 1.0 - Persistent Cross-Site Scripting
by a-rey
Flatcore-cms - Unrestricted File Upload
Remote Code Execution (RCE) vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user exeuct arbitrary php code.
by Mason Soroka-Gill
CVSS 7.2
Telegram Desktop - Resource Allocation Without Limits
Telegram Desktop 2.9.2 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized message payload. Attackers can generate a 9 million byte buffer and paste it into the messaging interface to trigger an application crash.
by Aryan Chehreghani
CVSS 7.5
Traffic Offense Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
by Tagoletta
Atlassian Confluence Server and Data Center - OGNL Injection
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
by Fellipe Oliveira
CVSS 9.8
Umbraco CMS <=8.9.1 - Path Traversal
An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and expected paths when installing an Umbraco package.
by BitTheByte
CVSS 6.5
Zeslecp < 3.1.9 - OS Command Injection
ZesleCP 3.1.9 contains an authenticated remote code execution vulnerability that allows attackers to create malicious FTP accounts with shell injection payloads. Attackers can exploit the FTP account creation endpoint by injecting a reverse shell command that establishes a network connection to a specified listening host.
by numan türle
CVSS 8.8
Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution (RCE) (Unauthenticated)
by Musyoka Ian
Strapi <3.0.0-beta.17.8 - RCE
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function.
by David Utón
CVSS 7.2
Strapi CMS Unauthenticated Password Reset
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.
by David Anglada
CVSS 9.8
Usermin 1.820 - Remote Code Execution (RCE) (Authenticated)
by numan türle
MySQL User-Defined (Linux) x32 / x86_64 - 'sys_exec' Local Privilege Escalation (2)
by ninpwn
CyberPanel 2.1 - Remote Code Execution (RCE) (Authenticated)
by numan türle
WordPress Plugin Mail Masta 1.0 - Local File Inclusion (2)
by Matheus Alexandre
Online Leave Management System 1.0 - Arbitrary File Upload to Shell (Unauthenticated)
by Justin White
HP Officejet 7110 Firmware - XSS
A potential security vulnerability has been identified for the HP OfficeJet 7110 Wide Format ePrinter that enables Cross-Site Scripting (XSS).
by Tyler Butler
CVSS 4.8
RaspAP 2.6.6 - Remote Code Execution (RCE) (Authenticated)
by Moritz Gruber
Online Traffic Offense Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
by Halit AKAYDIN
By Source