Python Exploits
5,770 exploits tracked across all sources.
ASX to MP3 converter 3.1.3.7.2010.11.05 - '.wax' Local Buffer Overflow (DEP_ASLR Bypass) (PoC)
by Paras Bhatia
Midasolutions Eframework < 2.9.0 - OS Command Injection
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.
by elbae
CVSS 9.8
Microsoft .net Core < 15.9 - Remote Code Execution
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.
by West Shepherd
CVSS 7.8
Artica Web Proxy 4.30.00000000 - SQL Injection
Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php.
by Dan Duffy
CVSS 9.8
QlikView 12.50.20000.0 - DoS
QlikView 12.50.20000.0 contains a denial of service vulnerability in the FTP server address input field that allows local attackers to crash the application. Attackers can paste a 300-character buffer into the FTP server address field to trigger an application crash and prevent normal functionality.
by Luis Martínez
CVSS 6.2
Acti Nvr - Buffer Overflow
ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows remote unauthenticated attackers to trigger a buffer overflow and application termination via a malformed payload.
by MegaMagnus
CVSS 7.5
Mocha Telnet Lite for iOS 4.2 - DoS
Mocha Telnet Lite for iOS 4.2 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the user configuration input. Attackers can overwrite the 'User' field with 350 bytes of repeated characters to trigger an application crash and prevent normal functionality.
by Luis Martínez
CVSS 7.5
RTSP for iOS 1.0 - 'IP Address' Denial of Service (PoC)
by Luis Martínez
Pi-hole Web <4.3.2 - RCE
Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.
by Luis Vacacas
CVSS 7.2
Daily Expenses Management System 1.0 - 'username' SQL Injection
by Daniel Ortiz
BacklinkSpeed 2.4 - Buffer Overflow
BacklinkSpeed 2.4 contains a buffer overflow vulnerability that allows attackers to corrupt the Structured Exception Handler (SEH) chain through malicious file import. Attackers can craft a specially designed payload file to overwrite SEH addresses, potentially executing arbitrary code and gaining control of the application.
by Saeed reza Zamanian
CVSS 9.8
eGroupWare 1.14 - 'spellchecker.php' Remote Command Execution
by Berk KIRAS
Socusoft Photo to Video Converter Professional 8.07 - Buffer Overflow
Socusoft Photo to Video Converter Professional 8.07 contains a local buffer overflow vulnerability in the 'Output Folder' input field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the output folder field to trigger a stack-based buffer overflow and potentially execute shellcode.
by MasterVlad
CVSS 8.4
Port Forwarding Wizard 4.8.0 - RCE
Port Forwarding Wizard 4.8.0 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code through a long request in the Register feature. Attackers can craft a malicious payload with an egg tag and overwrite SEH handlers to potentially execute shellcode on vulnerable Windows systems.
by Sarang Tumne
CVSS 8.4
Nidesoft DVD Ripper 5.2.18 - Buffer Overflow
Nidesoft DVD Ripper 5.2.18 contains a local buffer overflow vulnerability in the License Code registration parameter that allows attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the License Code field to trigger a stack-based buffer overflow and execute shellcode.
by Felipe Winsnes
CVSS 8.4
Frigate Professional 3.36.0.9 - Buffer Overflow
Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the Pack File feature that allows attackers to execute arbitrary code by overflowing the 'Archive To' input field. Attackers can craft a malicious payload that overwrites the Structured Exception Handler (SEH) and uses an egghunter technique to execute a reverse shell payload.
by MasterVlad
CVSS 8.4
Free MP3 CD Ripper 2.8 - RCE
Free MP3 CD Ripper 2.8 contains a stack buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting a malicious WAV file with oversized payload. Attackers can leverage a specially crafted exploit file with shellcode, SEH bypass, and egghunter technique to achieve remote code execution on vulnerable Windows systems.
by Eduard Palisek
CVSS 9.8
SourceCodester Online Course Registration v1.0 - RCE
A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP web-shell that bypasses the image upload filters. An attack uses /Online%20Course%20Registration/my-profile.php with the POST parameter photo.
by boku
CVSS 9.8
Flexsense DiskBoss 7.7.14 - Buffer Overflow
Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Reports and Data Directory' field that allows an attacker to execute arbitrary code on the system.
by MasterVlad
CVSS 7.8
Calavera UpLoader 3.5 - 'FTP Logi' Denial of Service (PoC + SEH Overwrite)
by Felipe Winsnes
Manageengine Applications Manager - SQL Injection
ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker could extract users' password hashes, which are MD5 hashes without salt, and, depending on the database type and its configuration, could also execute operating system commands using SQL queries.
by aldorm
CVSS 9.8
BIG-IP <15.2 - RCE
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
by Carlos E. Vieira
CVSS 9.8
FTPDummy 4.80 - Buffer Overflow
FTPDummy 4.80 contains a local buffer overflow vulnerability in its preference file handling that allows attackers to execute arbitrary code. Attackers can craft a malicious preference file with carefully constructed shellcode to trigger a structured exception handler overwrite and execute system commands.
by Felipe Winsnes
CVSS 8.4
TimeClock Software 1.01 - Authenticated SQL Injection
TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the add_entry.php endpoint to determine user existence by measuring response time differences.
by François Bibeau
CVSS 7.1
By Source