Python Exploits
6,606 exploits tracked across all sources.
Check Point Security Gateway - Information Disclosure (Unauthenticated)
by Yesith Alvarez
PopojiCMS 2.0.1 - Authenticated Remote Code Execution via Metadata Settings
PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability that allows administrative users to inject malicious PHP code through the metadata settings endpoint. Attackers can log in and modify the meta content to create a web shell that executes arbitrary system commands through a GET parameter.
by Ahmet Ümit BAYRAM
CVSS 7.2
Backdrop CMS 1.27.1 - Authenticated Remote Command Execution (RCE)
by Ahmet Ümit BAYRAM
mod_proxy_cluster - Stored Cross-Site Scripting via Alias Parameter
A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page.
by Mohamed Mounir Boudjema
CVSS 5.4
ExifTool <12.38 - Command Injection
lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check, leading to command injection.
by cowsecurity
CVSS 7.8
OpenSSH < 7.7 - User Enumeration via Authentication Request Timing
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
by cowsecurity
CVSS 5.3
SofaWiki 3.9.2 - Remote Command Execution (RCE) (Authenticated)
by Ahmet Ümit BAYRAM
djangorestframework-simplejwt <5.3.1 - Info Disclosure
djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method.
by Dhrumil Mistry
CVSS 5.5
Jenkins cli Ampersand Replacement Arbitrary File Read
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
by Matisse Beckandt
CVSS 9.8
Compuware iStrobe Web 20.13 - Unauthenticated Remote Code Execution via JSP File Upload
Compuware iStrobe Web 20.13 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to upload malicious JSP files through a path traversal in the file upload form. Attackers can exploit the 'fileName' parameter to upload a web shell and execute arbitrary commands by sending POST requests to the uploaded JSP endpoint.
by trancap
Stock Management System 1.0 - SQL Injection via manage_bo.php id Parameter
SQL Injection vulnerability in Stock Management System 1.0 allows a remote attacker to execute arbitrary code via the id parameter in the manage_bo.php file.
by blu3ming
CVSS 9.8
Moodle 3.10.1 - Authenticated Blind Time-Based SQL Injection - _sort_ parameter
by Julio Ángel Ferrari
MinIO < 2022-07-29T19-40-48Z - Path Traversal via ServerUpdate API
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all 'admin' users authorized for `admin:ServerUpdate` can selectively trigger an error that in response, returns the content of the path requested. Any normal OS system would allow access to contents at any arbitrary paths that are readable by MinIO process. Users are advised to upgrade. Users unable to upgrade may disable ServerUpdate API by denying the `admin:ServerUpdate` action for your admin users via IAM policies.
by Immer5ion
CVSS 7.4
MinIO < 0.0.0-20240131185645-0ae4915a9391 - Improper Privilege Management via Access Key Permission Inheritance
MinIO is a High Performance Object Storage. When someone creates an access key, it inherits the permissions of the parent key. Not only for `s3:*` actions, but also `admin:*` actions. Which means unless somewhere above in the access-key hierarchy, the `admin` rights are denied, access keys will be able to simply override their own `s3` permissions to something more permissive. The vulnerability is fixed in RELEASE.2024-01-31T20-20-33Z.
by Immer5ion
CVSS 8.8
Nacos < 2.0.3 - Improper Authentication via Packet Manipulation
An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user login.
by Immer5ion
CVSS 8.8
D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L - OS Command Injection via nas_sharing.cgi System Parameter
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
by Ap0dexMe0
WordPress Theme Travelscape 1.0.3 Arbitrary File Upload
WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's upload functionality. Attackers can upload arbitrary files to the theme directory and execute them to achieve remote code execution on the affected WordPress installation.
by Milad karimi
CVSS 9.8
Open Source Medicine Ordering System v1.0 - SQLi
by Onur Karasalihoğlu
Positron Broadcast Signal Processor TRA7005 v1.20 - Authentication Bypass
by LiquidWorm
CE Phoenix 1.0.8.20 - Remote Code Execution via define_language.php
A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php.
by tmrswrr
CVSS 7.2
Online Hotel Booking In PHP 1.0 - Blind SQL Injection (Unauthenticated)
by Gian Paris C. Agsam
GL-iNet Firmware - Unauthenticated Sensitive Information Exposure via File Download Commands
An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands, potentially obtaining critical user information. This affects MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, XE300 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-v2 4.3.10, X300B 3.217, S1300 3.216, SF1200 3.216, MV1000 3.216, N300 3.216, B2200 3.216, and X1200 3.203.
by Bandar Alharbi
CVSS 7.5
By Source