Python Exploits
6,607 exploits tracked across all sources.
SyncBreeze 15.2.24 - Denial of Service via Login Endpoint Password Parameter Overflow
SyncBreeze 15.2.24 contains a denial of service vulnerability in the login authentication mechanism that allows attackers to crash the service. Attackers can send an oversized password parameter with repeated 'password=' values to overwhelm the login endpoint and potentially disrupt service availability.
by mohamed youssef
Wp2Fac 1.0 - OS Command Injection via send.php numara Parameter
Wp2Fac 1.0 contains an OS command injection vulnerability in the send.php endpoint that allows remote attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'numara' parameter by appending shell commands with '&' operators to execute malicious code.
by Ahmet Ümit BAYRAM
TechView LA-5570 Wireless Gateway 1.0.19_T53 - Sensitive Information Exposure via /config/system.conf
An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows attackers to gain sensitive information via /config/system.conf.
by The Security Team [exploitsecurity.io]
CVSS 7.5
Ivanti Avalanche < 6.4.1 - Remote Code Execution via Crafted Message
An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution.
Thanks to a Researcher at Tenable for finding and reporting.
Fixed in version 6.4.1.
by Robel Campbell
CVSS 9.8
WP Statistics <= 13.1.5 - Unauthenticated SQL Injection via current_page_id Parameter
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5.
by psychoSherlock
CVSS 9.8
FileMage Gateway <1.10.8 - Path Traversal
Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component.
by Bryce Raindayzz Harty
CVSS 7.5
TP-Link Archer AX21 Firmware < 1.1.4 - Unauthenticated Command Injection via Country Parameter
TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request.
by Voyag3r
CVSS 8.8
Xlight FTP Server 3.9.3.6 - Buffer Overflow
Xlight FTP Server 3.9.3.6 contains a stack buffer overflow vulnerability in the 'Execute Program' configuration that allows attackers to crash the application. Attackers can trigger the vulnerability by inserting 294 characters into the program execution configuration, causing a denial of service condition.
by Yehia Elghaly
CVSS 7.5
ReyeeOS 1.204.1614 - Man-In-The-Middle
ReyeeOS 1.204.1614 contains an unencrypted CWMP communication vulnerability that allows attackers to intercept and manipulate device communication through a man-in-the-middle attack. Attackers can create a fake CWMP server to inject and execute arbitrary commands on Ruijie Reyee Cloud devices by exploiting the unprotected HTTP polling requests.
by Riyan Firmansyah of Seclab
CVSS 8.1
Ninja Forms < 3.6.26 - Unauthenticated Reflected Cross-Site Scripting
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Saturday Drive Ninja Forms Contact Form plugin <= 3.6.25 versions.
by Mehran Seifalinia
CVSS 7.1
General Device Manager 2.5.2.2 - Buffer Overflow
General Device Manager 2.5.2.2 is vulnerable to Buffer Overflow.
by Ahmet Ümit BAYRAM
CVSS 9.8
Uvdesk 1.1.3 - Unauthenticated Arbitrary File Upload and Remote Code Execution via Image File
An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attackers to execute arbitrary code via uploading a crafted image file.
by Daniel Barros
CVSS 7.8
Zomplog 3.9 - Remote Code Execution
Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload files (such as JavaScript) and rename them to .php via the saveE and rename actions, then execute the resulting PHP payload to run system commands.
by Mirabbas Ağalarov
CVSS 8.8
AN_GradeBook <5.0.1 - SQL Injection
The AN_GradeBook WordPress plugin through 5.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber
by Lukas Kinneberg
CVSS 8.8
Joomla com_booking 2.4.9 Information Disclosure via Account Enumeration
Joomla com_booking component 2.4.9 contains an information disclosure vulnerability that allows unauthenticated attackers to enumerate user accounts by exploiting the getUserData function in the customer controller. Attackers can send GET requests to index.php with option=com_booking, controller=customer, task=getUserData, and an id parameter to retrieve user names, usernames, and email addresses through brute force enumeration.
by qw3rTyTy
CVSS 7.5
PimpMyLog 1.7.14 - Unauthenticated Admin Account Creation via Configuration Endpoint
PimpMyLog 1.7.14 contains an improper access control vulnerability that allows remote attackers to create admin accounts without authorization through the configuration endpoint. Attackers can exploit the unsanitized username field to inject malicious JavaScript, create a hidden backdoor account, and potentially access sensitive server-side log information and environmental variables.
by thoughtfault
CVSS 9.8
phpfm 1.7.9 - Auth Bypass
phpfm 1.7.9 contains an authentication bypass vulnerability that allows attackers to log in by exploiting loose type comparison in password hash validation. Attackers can craft specific password hashes beginning with 0e or 00e to bypass authentication and upload malicious PHP files to the server.
by thoughtfault
CVSS 9.8
ABB Flow-X Firmware < 4.0 - Unauthenticated Sensitive Information Exposure via Web Service
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ABB Flow-X firmware on Flow-X embedded hardware (web service modules) allows Footprinting.This issue affects Flow-X: before 4.0.
by Paul Smith
CVSS 5.3
Hikvision Hybrid SAN/Cluster Storage Firmware < 2.3.8-6 - OS Command Injection
The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Due to the insufficient input validation, attacker can exploit the vulnerability to execute restricted commands by sending messages with malicious commands to the affected device.
by Thurein Soe
CVSS 7.5
Icinga Web 2 <2.8.6-2.10 - Authenticated RCE
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. Users unable to upgrade should limit access to the Icinga Web 2 configuration.
by Dante Corona
CVSS 8.5
Spring Cloud Function < 3.1.6 - Remote Code Execution via SpEL Routing Expression
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
by GatoGamer1155
CVSS 9.8
Lost and Found Information System v1.0 - SQL Injection
Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=system_info/contact_information.
by Amirhossein Bahramizadeh
CVSS 9.8
Gila CMS 1.10.9 - Remote Code Execution (RCE) (Authenticated)
by Omer Shaik
By Source