Python Exploits

5,770 exploits tracked across all sources.

EIP-2026-104201 EXPLOITDB python
Citadel WebCit < 926 - Session Hijacking Exploit
by Simone Quatrini
EIP-2026-102433 EXPLOITDB python
WebLogic Server 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 - Unauthenticated RCE via GET request
by Mohammed Althibyani
CVE-2020-5791 EXPLOITDB HIGH python
Nagios XI 5.6.0-5.7.3 - Mibs.php Authenticated Remote Code Execution
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.
by Matthew Aberegg
CVSS 7.2
EIP-2026-102944 EXPLOITDB python
PackageKit < 1.1.13 - File Existence Disclosure
by Vaisha Bernard
EIP-2026-102779 EXPLOITDB python
aptdaemon < 1.1.1 - File Existence Disclosure
by Vaisha Bernard
EIP-2026-112381 EXPLOITDB python
Sphider Search Engine 1.3.6 - 'word_upper_bound' RCE (Authenticated)
by Gurkirat Singh
CVE-2019-15813 EXPLOITDB HIGH python
Sentrifugo 3.2 - RCE
Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell.
by Gurkirat Singh
CVSS 8.8
EIP-2026-101294 EXPLOITDB python
GoAhead Web Server 5.1.1 - Digest Authentication Capture Replay Nonce Reuse
by LiquidWorm
CVE-2020-28870 EXPLOITDB CRITICAL python VERIFIED
Inoideas Inoerp - Code Injection
In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/form_personalization/json_fp.php.
by Lyhin's Lab
CVSS 9.8
CVE-2017-16783 EXPLOITDB CRITICAL python
CMS Made Simple <2.1.6 - SSRF
In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.
by Gurkirat Singh
CVSS 9.8
CVE-2020-37002 EXPLOITDB CRITICAL python
Ajenti 2.1.36 - Command Injection
Ajenti 2.1.36 contains an authentication bypass vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port.
by Ahmet Ümit BAYRAM
CVSS 9.8
EIP-2026-112617 EXPLOITDB python VERIFIED
TextPattern CMS 4.8.3 - Remote Code Execution (Authenticated)
by 0blio_
CVE-2019-17240 EXPLOITDB CRITICAL python VERIFIED
Bludit - Brute Force
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.
by Mayank Deshmukh
CVSS 9.8
EIP-2026-112680 EXPLOITDB python
Tiki Wiki CMS Groupware 21.1 - Authentication Bypass
by Maximilian Barz
CVE-2020-37004 EXPLOITDB HIGH python
Ultimate Project Manager CRM PRO 2.0.5 - SQL Injection
Ultimate Project Manager CRM PRO 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tbl_users database table. Attackers can exploit the /frontend/get_article_suggestion/ endpoint by crafting malicious search parameters to progressively guess and retrieve user credentials through boolean-based inference techniques.
by nag0mez
CVSS 8.2
EIP-2026-111777 EXPLOITDB python VERIFIED
RiteCMS 2.2.1 - Remote Code Execution (Authenticated)
by H0j3n
EIP-2026-102356 EXPLOITDB python
Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution
by Jonatas Fil
EIP-2026-101604 EXPLOITDB python
Comtrend AR-5387un router - Persistent XSS (Authenticated)
by OscarAkaElvis
CVE-2020-25790 EXPLOITDB HIGH python
Typesetter < 5.1 - Unrestricted File Upload
Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our security policy" and is being fixed for 5.2.
by Rodolfo Tavares
CVSS 7.2
EIP-2026-111964 EXPLOITDB python
Seat Reservation System 1.0 - Remote Code Execution (Unauthenticated)
by Rahul Ramkumar
EIP-2026-107652 EXPLOITDB python
Hotel Management System 1.0 - Remote Code Execution (Authenticated)
by Aporlorxl23
EIP-2026-111692 EXPLOITDB python
rConfig 3.9.5 - Remote Code Execution (Unauthenticated)
by Daniel Monzón
EIP-2026-109381 EXPLOITDB python
MedDream PACS Server 6.8.3.751 - Remote Code Execution (Unauthenticated)
by bzyo
CVE-2020-27461 EXPLOITDB HIGH python
SEOPanel <4.7.0 - RCE
A remote code execution vulnerability in SEOPanel 4.6.0 has been fixed for 4.7.0. This vulnerability allowed for remote code execution through an authenticated file upload via the Settings Panel>Import website function.
by Kiko Andreu
CVSS 8.8
CVE-2020-11698 EXPLOITDB CRITICAL python
Titanhq Spamtitan - Command Injection
An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter community on the page snmp-x.php would allow a remote attacker to inject commands into the file snmpd.conf that would allow executing commands on the target server.
by Felipe Molina
CVSS 9.8