Python Exploits

5,798 exploits tracked across all sources.

EIP-2026-103186 EXPLOITDB python VERIFIED
Pachev FTP Server 1.0 - Path Traversal
by 1F98D
CVE-2018-10653 EXPLOITDB CRITICAL python
Citrix XenMobile Server <10.8 - XSS
There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
by Jonas Lejon
CVSS 9.8
CVE-2019-0604 EXPLOITDB CRITICAL python
Microsoft SharePoint - RCE
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.
by Voulnet
CVSS 9.8
EIP-2026-116369 EXPLOITDB python
Sysax Multi Server 5.50 - Denial of Service (PoC)
by Shailesh Kumavat
CVE-2020-37181 EXPLOITDB CRITICAL python
Torrent FLV Converter <1.51 Build 117 - Buffer Overflow
Torrent FLV Converter 1.51 Build 117 contains a stack overflow vulnerability that allows attackers to overwrite Structured Exception Handler (SEH) through a malicious registration code input. Attackers can craft a payload with specific offsets and partial SEH overwrite techniques to potentially execute arbitrary code on vulnerable Windows 32-bit systems.
by antonio
CVSS 9.8
CVE-2020-37180 EXPLOITDB HIGH python VERIFIED
GTalk Password Finder 2.2.1 - DoS
GTalk Password Finder 2.2.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash.
by Ismail Tasdelen
CVSS 7.5
CVE-2020-37179 EXPLOITDB HIGH python
APKF Product Key Finder <2.5.8.0 - DoS
APKF Product Key Finder 2.5.8.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character payload and paste it into the registration name field to trigger an application crash.
by Ismail Tasdelen
CVSS 7.5
EIP-2026-114117 EXPLOITDB python
WordPress Plugin Time Capsule 1.21.16 - Authentication Bypass
by B. Canavate
EIP-2026-113832 EXPLOITDB python
WordPress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass
by Raphael Karger
CVE-2020-37191 EXPLOITDB HIGH python
Top Password Software Dialup Password Recovery <1.30 - DoS
Top Password Software Dialup Password Recovery 1.30 contains a denial of service vulnerability that allows attackers to crash the application by overflowing input fields. Attackers can trigger the vulnerability by inserting a large 5000-character payload into the User Name and Registration Code input fields.
by antonio
CVSS 7.5
CVE-2020-37190 EXPLOITDB HIGH python
Top Password Firefox Password Recovery <2.8 - DoS
Top Password Firefox Password Recovery 2.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing input fields. Attackers can trigger the vulnerability by inserting 5000 characters into the User Name or Registration Code input fields.
by antonio
CVSS 7.5
CVE-2020-37189 EXPLOITDB HIGH python
TaskCanvas 1.4.0 - DoS
TaskCanvas 1.4.0 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration field to trigger an application crash.
by Ismail Tasdelen
CVSS 7.5
CVE-2020-37188 EXPLOITDB HIGH python VERIFIED
SpotOutlook 1.2.6 - DoS
SpotOutlook 1.2.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can overwrite the buffer by pasting 1000 'A' characters into the 'Name' field, causing the application to become unresponsive.
by Ismail Tasdelen
CVSS 7.5
CVE-2020-37187 EXPLOITDB HIGH python VERIFIED
SpotDialup 1.6.7 - DoS
SpotDialup 1.6.7 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash.
by Ismail Tasdelen
CVSS 7.5
CVE-2020-37186 EXPLOITDB CRITICAL python
Chevereto 3.13.4 Core - RCE
Chevereto 3.13.4 Core contains a remote code execution vulnerability that allows attackers to inject malicious code during database configuration installation. Attackers can manipulate the database table prefix parameter to write a PHP shell file and execute arbitrary system commands through a crafted POST request.
by Jinny Ramsmark
CVSS 9.8
CVE-2020-37185 EXPLOITDB HIGH python
Backup Key Recovery <2.2.5 - DoS
Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character payload and paste it into the registration name field to trigger an application crash.
by Ismail Tasdelen
CVSS 7.5
CVE-2020-37184 EXPLOITDB CRITICAL python
Allok Video Converter <4.6.1217 - RCE
Allok Video Converter 4.6.1217 contains a stack overflow vulnerability in the License Name input field that allows attackers to execute arbitrary code. Attackers can craft a specially designed payload to overwrite SEH handlers and execute system commands by injecting malicious bytecode into the input field.
by antonio
CVSS 9.8
CVE-2020-37183 EXPLOITDB CRITICAL python
Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 - Buffer Overflow
Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload in the License Name input field to trigger a buffer overflow and execute system commands like calc.exe.
by antonio
CVSS 9.8
EIP-2026-117557 EXPLOITDB python
Microsoft Windows 10 build 1809 - Local Privilege Escalation (UAC Bypass)
by Nassim Asrir
CVE-2019-1978 EXPLOITDB MEDIUM python
Cisco Firepower Services Software For Asa - Improper Input Validation
A vulnerability in the stream reassembly component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper reassembly of traffic streams. An attacker could exploit this vulnerability by sending crafted streams through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems that would otherwise be blocked.
by TrustedSec
CVSS 5.8
CVE-2020-6756 EXPLOITDB CRITICAL python
Rasilient Pixelstor 5000 Firmware - OS Command Injection
languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows unauthenticated attackers to remotely execute code via the lang parameter.
by .:UND3R:.
CVSS 9.8
EIP-2026-110452 EXPLOITDB python VERIFIED
Pandora 7.0NG - Remote Code Execution
by Askar
CVE-2020-37193 EXPLOITDB HIGH python VERIFIED
ZIP Password Recovery 2.30 - DoS
ZIP Password Recovery 2.30 contains a denial of service vulnerability that allows attackers to crash the application by providing maliciously crafted input. Attackers can create a specially prepared text file with specific characters to trigger an application crash when selecting a ZIP file.
by ZwX
CVSS 7.5
CVE-2019-2729 EXPLOITDB CRITICAL python
Oracle Communications Diameter Signal... - Improper Access Control
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
by james
CVSS 9.8
CVE-2020-10224 EXPLOITDB CRITICAL python VERIFIED
Phpgurukul Online Book Store - Unrestricted File Upload
An unauthenticated file upload vulnerability has been identified in admin_add.php in PHPGurukul Online Book Store 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution.
by Tib3rius
CVSS 9.8