Python Exploits
6,612 exploits tracked across all sources.
qdPM < 9.1 - Authenticated Remote Code Execution via Profile Photo Path Traversal
A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature, allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884.
by RedHatAugust
CVSS 8.8
blog_project/blog < 1.4 - Remote Code Execution via Unchecked Image Function Return Values
m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions `imagecreatefrom*` and `image*` have not been checked properly. Although PHP issued warnings and the upload function returned `false`, the original file (that could contain a malicious payload) was kept on the disk. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
by Malte V
CVSS 8.5
F5 BIG-IP iControl RCE via REST Authentication Bypass
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
by Yesith Alvarez
CVSS 9.8
Beehive Forum 1.5.2 - Host Header Injection
Beehive Forum 1.5.2 contains a host header injection vulnerability in the forgot password functionality that allows attackers to manipulate password reset requests. Attackers can inject a malicious host header to intercept password reset tokens and change victim account passwords without direct authentication.
by Pablo Santiago
CVSS 9.8
Wondershare Dr.Fone - Unauthenticated Remote Code Execution via InstallAssistService.exe UDP Communication
Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an unauthenticated user can communicate over UDP with the "InstallAssistService.exe" service(the service is running under SYSTEM privileges) and manipulate it to execute malicious executable without any validation from a remote location and gain SYSTEM privileges
by Netanel Cohen
CVSS 9.8
Prime95 Version 30.7 build 9 - Remote Code Execution (RCE)
by Yehia Elghaly
Zohocorp ManageEngine ADAudit Plus - NTLM Hash Disclosure
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.
by Metin Yunus Kandemir
CVSS 8.8
Wondershare Dr.Fone - Unauthenticated Privilege Escalation via ElevationService.exe
Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code without any validation with SYSTEM privileges.
by Netanel Cohen
CVSS 8.8
webtareas < 2.4 - SQL Injection via $uq POST Parameter
An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier via the $uq HTTP POST parameter in editapprovalstage.php.
by Behrad Taher
CVSS 9.8
Navigate CMS 2.9.4 - Server-Side Request Forgery via Feed Parameter
A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter.
by cheshireca7
CVSS 4.9
MyBB Admin Control Code Injection RCE
MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type `php` with PHP code, executed on on _Change Settings_ pages. This results in a Remote Code Execution (RCE) vulnerability. The vulnerable module requires Admin CP access with the `Can manage settings?` permission. MyBB's Settings module, which allows administrators to add, edit, and delete non-default settings, stores setting data in an options code string ($options_code; mybb_settings.optionscode database column) that identifies the setting type and its options, separated by a new line character (\n). In MyBB 1.2.0, support for setting type php was added, for which the remaining part of the options code is PHP code executed on Change Settings pages (reserved for plugins and internal use). MyBB 1.8.30 resolves this issue. There are no known workarounds.
by Altelus
CVSS 7.2
Anuko Time Tracker <1.20.0.5642 - SQL Injection
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. UNION SQL injection and time-based blind injection vulnerabilities existed in Time Tracker Puncher plugin in versions of anuko timetracker prior to 1.20.0.5642. This was happening because the Puncher plugin was reusing code from other places and was relying on an unsanitized date parameter in POST requests. Because the parameter was not checked, it was possible to craft POST requests with malicious SQL for Time Tracker database. This issue has been resolved in in version 1.20.0.5642. Users unable to upgrade are advised to add their own checks to input.
by Altelus
CVSS 7.4
Akka HTTP 10.1.0-10.1.14 and 10.2.0-10.2.6 - Denial of Service via User-Agent Header with Nested Comments
Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments.
by cxosmo
CVSS 7.5
Apache Couchdb Erlang RCE
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
by Konstantin Burov
CVSS 9.8
GitLab Unauthenticated Remote ExifTool Command Injection
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
by UNICORD
CVSS 6.8
USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 - Remote Root Backdoor
by LiquidWorm
Ruijie ReyeeOS < 1.55.1915_ew_3.0(1)b11p55 - Remote Code Execution via updateVersion Function
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the updateVersion function in /cgi-bin/luci/api/wireless.
by Minh Khoa
CVSS 8.8
ManageEngine ADSelfService Plus 6.1 - User Enumeration
by Metin Yunus Kandemir
WordPress Plugin Elementor 3.6.2 - Remote Code Execution (RCE) (Authenticated)
by AkuCyberSec
Zenario < 9.0.55143 - Unauthenticated Remote Code Execution via File Upload
Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth.
by minhnq22
CVSS 7.2
Kramer VIAware < 2021-08 - Remote Code Execution via ajaxPages/writeBrowseFilePathAjax.php
KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles.php is no longer reachable via the GUI). NOTE: this issue exists because of an incomplete fix for CVE-2019-17124.
by sharkmoos
CVSS 9.8
PostgreSQL 9.3-11.2 - Authenticated OS Command Injection via COPY TO/FROM PROGRAM
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for ‘COPY TO/FROM PROGRAM’ is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the ‘COPY FROM PROGRAM’.
by b4keSn4ke
CVSS 7.2
Kramer VIAware 2.5.0719.1034 - Incorrect Access Control
Kramer VIAware 2.5.0719.1034 has Incorrect Access Control.
by sharkmoos
CVSS 9.8
By Source