Python Exploits
6,611 exploits tracked across all sources.
Osprey Pump Controller 1.0.1 - Authentication Bypass Credentials Modification
by LiquidWorm
EasyNAS 1.1.0 - OS Command Injection via /backup.pl
A vulnerability classified as critical has been found in EasyNAS 1.1.0. Affected is the function system of the file /backup.pl. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
by Ivan Spiridonov
CVSS 6.3
Arris TG2482A Firmware <= 9.1.103GEM9 - Remote Code Execution via Ping Utility
Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution (RCE) via the ping utility feature.
by Yerodin Richards
CVSS 8.8
PhotoShow 3.0 - Authenticated Remote Code Execution via Exiftran Path Injection
PhotoShow 3.0 contains a remote code execution vulnerability that allows authenticated administrators to inject malicious commands through the exiftran path configuration. Attackers can exploit the ffmpeg configuration settings by base64 encoding a reverse shell command and executing it through a crafted video upload process.
by LSCP Responsible Disclosure Lab
CVSS 7.2
Kardex Mlog MCC 5.7.12+0-a203c2a213-master - Remote Code Execution via Path Traversal and T4 Template Injection
Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code execution. It spawns a web interface listening on port 8088. A user-controllable path is handed to a path-concatenation method (Path.Combine from .NET) without proper sanitisation. This yields the possibility of including local files, as well as remote files on SMB shares. If one provides a file with the extension .t4, it is rendered with the .NET templating engine mono/t4, which can execute code.
by Patrick Hener
CVSS 9.8
binwalk 2.1.2b-2.3.3 - Path Traversal and Remote Code Execution via Malicious PFS Filesystem
A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remote code execution can be achieved by building a PFS filesystem that, upon extraction, would extract a malicious binwalk module into the folder .config/binwalk/plugins.
This vulnerability is associated with program files src/binwalk/plugins/unpfs.py.
This issue affects binwalk from 2.1.2b through 2.3.3 included.
by Etienne Lacoche
CVSS 7.8
Tecrail Responsive FileManager <9.9.5 - Code Injection
An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution.
by Galoget Latorre
CVSS 8.8
froxlor/froxlor <2.0.8 - Command Injection
Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8.
by Askar
CVSS 8.8
PostgreSQL 9.3-11.2 - Authenticated OS Command Injection via COPY TO/FROM PROGRAM
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for ‘COPY TO/FROM PROGRAM’ is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the ‘COPY FROM PROGRAM’.
by Paulo Trindade
CVSS 7.2
Apache Tomcat 8.5.38-8.5.78 and 10.1.0-M1-10.1.0-M14 - Denial of Service via EncryptInterceptor
The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.
by Cristian Giustini
CVSS 7.5
GNU Screen < 4.9.0 - Denial of Service via Privileged SIGHUP Signal
socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.
by Manuel Andreas
CVSS 6.5
Liferay Portal 6.2.5 - OS Command Injection via File Upload Request
Liferay Portal 6.2.5 allows Command=FileUpload&Type=File&CurrentFolder=/ requests when frmfolders.html exists. NOTE: The vendor disputes this issue because the exploit reference link only shows frmfolders.html is accessible and does not demonstrate how an unauthorized user can upload a file.
by Fu2x2000
CVSS 9.8
Dell EMC Networking X-Series <3.0.1.2, PC5500 <4.1.0.22, PowerEdge VRTX Switch Modules <2.0.0.77 - Info Disclosure
Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77 and older contain an information disclosure vulnerability. A remote unauthenticated attacker could exploit this vulnerability to retrieve sensitive data by sending a specially crafted request to the affected endpoints.
by Ken Pyle
CVSS 8.1
answerdev/answer < 1.0.4 - Account Takeover via Improper Access Control
Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4.
by Eduardo Pérez-Malumbres Cervera
CVSS 9.8
MyBB 1.8.32 - Authenticated Remote Code Execution via Chained Avatar Upload and Language Configuration
MyBB 1.8.32 contains a chained vulnerability that allows authenticated administrators to bypass avatar upload restrictions and execute arbitrary code. Attackers can modify upload path settings, upload a malicious PHP-embedded image file, and execute commands through the language configuration editing interface.
by lUc1f3r11
CVSS 8.8
Grand Theft Auto III/Vice City Skin File v1.1 - Buffer Overflow
by Knursoft
WordPress File Manager Unauthenticated Remote Code Execution
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020.
by BLY
CVSS 10.0
Paid Memberships Pro < 2.9.8 - Unauthenticated SQL Injection via Order REST Route Code Parameter
The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route.
by r3nt0n
CVSS 9.8
Nacos < 2.0.3 - Improper Authentication via Packet Manipulation
An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user login.
by Jenson Zhao
CVSS 8.8
GitLab CE/EE <15.1.5-15.3.1 - Authenticated RCE
A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3 to 15.3.1 allows an an authenticated user to achieve remote code execution via the Import from GitHub API endpoint
by Antonio Francesco Sardella
CVSS 9.9
Apache HTTP Server < 2.4.52 - Buffer Overflow in mod_lua Multipart Parser
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
by Sunil Iyengar
CVSS 9.8
TP-Link TL-WR902AC Firmware < 3.0.9.1 - Authenticated Remote Code Execution via Crafted Firmware Update
TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature check is inadequate.
by Tobias Müller
CVSS 8.8
Nexxt Amp300 ARN02304U8 RCE via Ping Feature JSON Host Field
The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required
by Yerodin Richards
CVSS 8.8
rConfig 3.9.7 - SQL Injection via Command Parameter in ajaxCompareGetCmdDates
A SQL injection vulnerability in rConfig 3.9.7 exists via lib/ajaxHandlers/ajaxCompareGetCmdDates.php?command= (this may interact with secure-file-priv).
by azhen
CVSS 8.8
By Source