Python Exploits
6,611 exploits tracked across all sources.
Screen SFT DAB 600/C firmware <1.9.3 - Auth Bypass
Screen SFT DAB 600/C firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to change user passwords without proper authentication.
by LiquidWorm
CVSS 7.5
Screen SFT DAB 600/C Firmware 1.9.3 - Auth Bypass
Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to remove user accounts without proper authentication.
by LiquidWorm
CVSS 9.8
Screen SFT DAB 600/C 1.9.3 - Auth Bypass
Screen SFT DAB 600/C firmware 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without requiring the current credentials. Attackers can exploit the userManager.cgx API endpoint by sending a crafted POST request with a new MD5-hashed password to directly modify the admin account's authentication.
by LiquidWorm
CVSS 7.5
Screen SFT DAB 1.9.3 - Authentication Bypass via Session Fixation
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to exploit weak session management by reusing IP-bound session identifiers. Attackers can issue unauthorized requests to the device management API by leveraging the session binding mechanism to perform critical operations on the transmitter.
by LiquidWorm
CVSS 8.8
Screen SFT DAB 1.9.3 - Unauthenticated Authentication Bypass via Session Fixation
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change user passwords by exploiting weak session management controls. Attackers can reuse IP-bound session identifiers to issue unauthorized requests to the userManager API and modify user credentials without proper authentication.
by LiquidWorm
CVSS 6.5
Screen SFT DAB Series - Compact Radio DAB Transmitter 1.9.3 - Authentication Bypass via IP Session Reuse
Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP address-bound session identifiers. Attackers can exploit the vulnerable API by intercepting and reusing established sessions to remove user accounts without proper authorization.
by LiquidWorm
CVSS 8.1
Screen SFT DAB Series 1.9.3 - Unauthenticated Authentication Bypass via userManager.cgx Endpoint
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit the userManager.cgx endpoint by sending a crafted JSON request with a new MD5-hashed password to directly modify the admin account.
by LiquidWorm
CVSS 9.8
GetSimple CMS 3.3.16 - Remote Code Execution via Edited File Parameter
GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php.
by Youssef Muhammad
CVSS 9.8
Best POS Management System v1.0 - Unauthenticated Remote Code Execution
by Mesut Cetin
PaperCut MF and NG 8.0-20.1.7 - Unauthenticated Remote Code Execution via SetupCompleted
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.
by MaanVader
CVSS 9.8
Apache Superset Signed Cookie Priv Esc
Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.
All superset installations should always set a unique secure random SECRET_KEY. Your SECRET_KEY is used to securely sign all session cookies and encrypting sensitive information on the database.
Add a strong SECRET_KEY to your `superset_config.py` file like:
SECRET_KEY = <YOUR_OWN_RANDOM_GENERATED_SECRET_KEY>
Alternatively you can set it with `SUPERSET_SECRET_KEY` environment variable.
by MaanVader
CVSS 8.9
Screen SFT DAB 600/C - Authentication Bypass Account Creation
by LiquidWorm
Apache Superset Signed Cookie Priv Esc
Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.
All superset installations should always set a unique secure random SECRET_KEY. Your SECRET_KEY is used to securely sign all session cookies and encrypting sensitive information on the database.
Add a strong SECRET_KEY to your `superset_config.py` file like:
SECRET_KEY = <YOUR_OWN_RANDOM_GENERATED_SECRET_KEY>
Alternatively you can set it with `SUPERSET_SECRET_KEY` environment variable.
by mangjong
CVSS 8.9
F5 BIG-IP iControl RCE via REST Authentication Bypass
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
by mangjong
CVSS 9.8
TEM FLEX-1085 1.6.0 - Denial of Service via /sistema/flash/reboot
A vulnerability classified as critical has been found in TEM FLEX-1085 1.6.0. Affected is an unknown function of the file /sistema/flash/reboot. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
by Mr Empy
CVSS 7.5
File Thingie 2.5.7 - Authenticated Arbitrary File Upload via PHP Zip Archive
File Thingie 2.5.7 contains an authenticated file upload vulnerability that allows remote attackers to upload malicious PHP zip archives to the web server. Attackers can create a custom PHP payload, upload and unzip it, and then execute arbitrary system commands through a crafted PHP script with a command parameter.
by Maurice Fielenbach
CVSS 8.8
UliCMS 2023.1 - Privilege Escalation
UliCMS 2023.1 contains a privilege escalation vulnerability that allows unauthenticated attackers to create administrative accounts through the UserController endpoint. Attackers can send a crafted POST request to /dist/admin/index.php with specific parameters to generate a new admin user with full system access.
by Mirabbas Ağalarov
CVSS 9.8
Online Pizza Ordering System 1.0 - Unrestricted File Upload via admin/ajax.php img Parameter
A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file admin/ajax.php?action=save_settings. The manipulation of the argument img leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227236.
by URGAN
CVSS 6.3
Piwigo CVE-2023-26876 Gather Credentials via SQL Injection
SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute arbitrary code via the filter_user_id parameter to the admin.php?page=history&filter_image_id=&filter_user_id endpoint.
by incogbyte
phpipam 1.4.4 - Authenticated SQL Injection via Subnet Parameter
PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php
by incogbyte
Contact Form 7 < 5.3.2 - Unrestricted File Upload and Remote Code Execution via Filename Special Characters
The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.
by incogbyte
OpenEMR 7.0.1 Authentication Brute Force Mitigation Bypass
OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests with authUser and clearPass parameters to systematically test username and password combinations without account lockout restrictions.
by abhhi (Abhishek Birdawade)
CVSS 7.5
GLPI 9.5.7 - Username Enumeration via Lost Password Endpoint
GLPI 9.5.7 contains a username enumeration vulnerability in the lost password recovery mechanism that allows attackers to validate email addresses. Attackers can systematically test email addresses by submitting requests to the password reset endpoint and analyzing response differences to identify valid user accounts.
by Rafael B.
CVSS 5.3
FS S3900-24T4S - Privilege Escalation
FS S3900-24T4S devices allow authenticated attackers with guest access to escalate their privileges and reset the admin password.
by Daniele Linguaglossa
CVSS 8.8
Multi-Vendor Online Groceries Management System 1.0 - Remote Code Execution
by Or4nG.M4N
By Source