Python Exploits
6,607 exploits tracked across all sources.
Lost and Found Information System 1.0 - Privilege Escalation
Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI.
by Or4nG.M4N
CVSS 9.8
ManageEngine ADManager Plus Build < 7183 - Recovery Password Disclosure
by Metin Yunus Kandemir
WP Travel Kit Travelscape - WordPress Seotheme Remote Code Execution Unauthenticated
WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to execute system commands and upload additional files for persistent access.
by Milad karimi
CVSS 9.8
WordPress Augmented-Reality Plugin Remote Code Execution Unauthenticated
WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers can send POST requests to the connector.minimal.php endpoint with mkfile and put commands to create malicious PHP files in the file_manager directory and execute them on the server.
by Milad karimi
CVSS 7.5
Milesight Routers UR5X_ UR32L_ UR32_ UR35_ UR41 - Credential Leakage Through Unprotected System Logs and Weak Password Encryption
by Bipin Jitiya
PCMan FTP Server 2.0 - Stack-based Buffer Overflow via PWD Command
PCMan FTP Server 2.0 contains a buffer overflow vulnerability in the 'pwd' command that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted payload during the FTP login process to overwrite memory and potentially gain system access.
by Waqas Ahmed Faroouqi
CVSS 9.8
Juniper-SRX-Firewalls&EX-switches - (PreAuth-RCE) (PoC)
by whiteOwl
Electrolink FM/DAB/TV Transmitter - Remote Authentication Removal
by LiquidWorm
Digi Passport Firmware <1.5.1 - Buffer Overflow
Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow in the function for building the Location header string when an unauthenticated user is redirected to the authentication page.
by X-C3LL
Ruckus <1.5.1.0.21 - Command Injection
Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API (/service/v1/createUser endpoint), injecting arbitrary commands that will be executed as root user via web.py.
by X-C3LL
Leostream Connection Broker 8.2.x - XSS
Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins the next time they log in. The JavaScript injected can be used to force the admin to upload a malicious Perl script that will be executed as root via libMisc::browser_client. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
by X-C3LL
nfdump < 1.6.17 - Denial of Service via Integer Overflow in Process_ipfix_template_withdraw
nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service).
by X-C3LL
ZeroShell 3.9.0 - Unauthenticated Remote Command Execution via HTTP Parameter Injection
Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.
by X-C3LL
Ampache < 3.9.1 - Stored Cross-Site Scripting via LocalPlay Add Instance
An issue was discovered in Ampache through 3.9.1. A stored XSS exists in the localplay.php LocalPlay "add instance" functionality. The injected code is reflected in the instances menu. This vulnerability can be abused to force an admin to create a new privileged user whose credentials are known by the attacker.
by X-C3LL
ArubaOS < 6.4.4.21 - Remote Code Execution via PAPI Protocol
A remote code execution vulnerability is present in network-listening components in some versions of ArubaOS. An attacker with the ability to transmit specially-crafted IP traffic to a mobility controller could exploit this vulnerability and cause a process crash or to execute arbitrary code within the underlying operating system with full system privileges. Such an attack could lead to complete system compromise. The ability to transmit traffic to an IP interface on the mobility controller is required to carry out an attack. The attack leverages the PAPI protocol (UDP port 8211). If the mobility controller is only bridging L2 traffic to an uplink and does not have an IP address that is accessible to the attacker, it cannot be attacked.
by X-C3LL
Swoole 4.0.4 - Denial of Service via Unpack Deserialization Size Check Bypass
The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV.
by X-C3LL
ubiQuoss Switch VP5208A - Info Disclosure
ubiQuoss Switch VP5208A creates a bcm_password file at /cgi-bin/ with the user credentials in cleartext when a failed login attempt occurs. The file can be reached via an HTTP request. The credentials can be used to access the system via SSH (or TELNET if it is enabled).
by X-C3LL
AeroAdmin 4.1 - Denial of Service via Buffer Overflow
AeroAdmin 4.1 uses a function to copy data between two pointers where the size of the data copied is taken directly from a network packet. This can cause a buffer overflow and denial of service.
by X-C3LL
YADIFA < 2.2.6 - Denial of Service via DNS Packet Parser Infinite Loop
The DNS packet parser in YADIFA before 2.2.6 does not check for the presence of infinite pointer loops, and thus it is possible to force it to enter an infinite loop. This can cause high CPU usage and makes the server unresponsive.
by X-C3LL
Cobian Backup 11 - Remote Code Execution via Pre-Backup Event Command Injection
Cobian Backup 11 client allows man-in-the-middle attackers to add and execute new backup tasks when the master server is spoofed. In addition, the attacker can execute system commands remotely by abusing pre-backup events.
by X-C3LL
GTB Central Console 15.17.1-30814.NG - Command Injection
An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method systemSettingsDnsDataAction at /opt/webapp/src/AppBundle/Controller/React/SystemSettingsController.php is vulnerable to command injection via the /old/react/v1/api/system/dns/data endpoint. An authenticated attacker can abuse it to inject an arbitrary command and compromise the platform.
by X-C3LL
By Source