Python Exploits
6,606 exploits tracked across all sources.
Mikrotik RouterOS 6.40.5-6.49.10 - DoS
Mikrotik RouterOS (x86) 6.40.5 through 6.49.10 (fixed in 7) allows a remote attacker to cause a denial of service (device crash) via crafted packet data to the SMB service on TCP port 445.
by ice-wzl
CVSS 7.5
Siklu MultiHaul TG series < 2.0.0 - Unauthenticated Credential Disclosure via Port 12777
Siklu MultiHaul TG series devices before version 2.0.0 contain an unauthenticated vulnerability that allows remote attackers to retrieve randomly generated credentials via a network request. Attackers can send a specific hex-encoded command to port 12777 to obtain username and password, enabling direct SSH access to the device.
by semaja2
Asterisk AMI - Partial File Content & Path Disclosure (Authenticated)
by Sean Pesce
Apache 2.4.49/2.4.50 Traversal RCE
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.
by vadimgggg
Grafana 3.0.1-7.0.1 - Unauthenticated Server-Side Request Forgery via Avatar Feature
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault.
by vadimgggg
PHPMailer Sendmail Argument Injection
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
by vadimgggg
ProFTPD 1.3.5 - Unauthenticated Arbitrary File Read and Write via mod_copy Site Commands
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
by vadimgggg
1 stars
OpenSSL 1.0.1-1.0.1f - Out-of-bounds Read via Heartbeat Extension
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
by vadimgggg
Craft CMS 4.4.14 - Unauthenticated Remote Code Execution
by Olivier Lasne
SMU <14.8.7825.01 - Info Disclosure
SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access SMU configuration backup, that would normally be barred to those specific administrative roles.
by Arslan Masood
CVSS 7.6
Mirth Connect Deserialization RCE
A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server.
by jakabakos
Gibbon < 26.0.00 - Authenticated PHP Deserialization via columnOrder Parameter
Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the modules/System%20Admin/import_run.php&type=externalAssessment&step=4 URI.
by Ali Maharramli_Fikrat Guliev_Islam Rzayev
CVSS 8.8
ZoneMinder Snapshots < 1.37.33 - Unauthenticated RCE
by Ravindu Wickramasinghe
TELSAT marKoni FM Transmitter 1.9.5 - Root Command Injection
by LiquidWorm
LaborOfficeFree 19.10 - MySQL Root Password Calculator
by Peter Gabaldon
9bis/kitty < 0.76.1.13 - Command Injection via Filename Variable
KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls (at lines 2369-2390). This allows an attacker to add inputs inside the filename variable, leading to arbitrary code execution.
by DEFCESCO
CVSS 7.8
KiTTY < 0.76.1.13 - Stack-Based Buffer Overflow via Username Input
KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the username, occurs due to insufficient bounds checking and input sanitization (at line 2600). This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution.
by DEFCESCO
CVSS 7.8
9bis/kitty < 0.76.1.13 - Stack-Based Buffer Overflow via Hostname
KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the hostname, occurs due to insufficient bounds checking and input sanitization. This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution.
by DEFCESCO
CVSS 7.8
JetBrains TeamCity < 2023.05.4 - Unauthenticated Remote Code Execution
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
by ByteHunter
CVSS 9.8
Viessmann Vitogate 300 <2.1.3.0 - Direct Request
A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/. The manipulation leads to direct request. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243140. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
by ByteHunter
CVSS 4.3
SolarView Compact Firmware <= 6.00 - Remote Command Execution via downloader.php
There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php.
by ByteHunter
CVSS 9.8
Ruijie Switch PSG-5124 26293 - Remote Code Execution (RCE)
by ByteHunter
By Source