Python Exploits

6,612 exploits tracked across all sources.

CVE-2022-27226 EXPLOITDB HIGH python
iRZ Mobile Router Firmware < 2022-03-16 - Cross-Site Request Forgery via Crontab API
A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router administration panel. The cronjob will consequently execute the entry on the threat actor's defined interval, leading to remote code execution, allowing the threat actor to gain filesystem access. In addition, if the router's default credentials aren't rotated or a threat actor discovers valid credentials, remote code execution can be achieved without user interaction.
by John Jackson
CVSS 8.8
CVE-2022-26965 EXPLOITDB HIGH python
Pluck 4.7.16 - Authenticated Remote Code Execution via Theme Upload
In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution.
by Ashish Koli
CVSS 7.2
EIP-2026-109581 EXPLOITDB python
Moodle 3.11.5 - SQLi (Authenticated)
by Chris Anastasio
CVE-2022-24112 EXPLOITDB CRITICAL python
APISIX Admin API default access token RCE
An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX's data panel. There is a check in the batch-requests plugin which overrides the client IP with its real remote IP. But due to a bug in the code, this check can be bypassed.
by Ven3xy
CVSS 9.8
CVE-2020-17456 EXPLOITDB CRITICAL python
SEOWON INTECH SLC-130, SLR-120S - RCE
SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page.
by Aryan Chehreghani
CVSS 9.8
EIP-2026-114569 EXPLOITDB python
Zabbix 5.0.17 - Remote Code Execution (RCE) (Authenticated)
by Hussien Misbah
CVE-2022-50922 EXPLOITDB CRITICAL python
Audio Conversion Wizard v2.01 - Buffer Overflow
Audio Conversion Wizard v2.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory with a specially crafted registration code. Attackers can generate a payload that overwrites the application's memory stack, potentially enabling remote code execution through a carefully constructed input buffer.
by Hejap Zairy Al-Sharif
CVSS 9.8
CVE-2022-0824 EXPLOITDB HIGH python
webmin < 1.990 - Improper Access Control to Remote Code Execution
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.
by faisalfs10x
CVSS 8.8
CVE-2021-44088 EXPLOITDB CRITICAL python
Sourcecodester Attendance and Payroll System 1.0 - SQL Injection via Login Parameters
An SQL Injection vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows a remote attacker to bypass authentication via unsanitized login parameters.
by pr0z
CVSS 9.8
CVE-2021-44087 EXPLOITDB CRITICAL python
Sourcecodester Attendance and Payroll System 1.0 - Unauthenticated Remote Code Execution via Photo Upload
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows an unauthenticated remote attacker to upload a maliciously crafted PHP via photo upload.
by pr0z
CVSS 9.8
EIP-2026-104274 EXPLOITDB python
Hasura GraphQL 2.2.0 - Information Disclosure
by Dolev Farhi
CVE-2022-22947 EXPLOITDB CRITICAL python
Spring Cloud Gateway Remote Code Execution
In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
by Carlos E. Vieira
CVSS 10.0
CVE-2021-44664 EXPLOITDB HIGH python
Xerte < 3.9 - Authenticated Remote Code Execution via Language File Upload
An Authenticated Remote Code Execution (RCE) vulnerability exists in Xerte through 3.9 in website_code/php/import/fileupload.php by uploading a maliciously crafted PHP file through the project interface disguised as a language file to bypass the upload filters. Attackers can manipulate the file's destination by abusing path traversal in the 'mediapath' variable.
by Rik Lutz
CVSS 8.8
CVE-2021-44665 EXPLOITDB MEDIUM python
Xerte < 3.10.3 - Path Traversal via Project File Download
A Directory Traversal vulnerability exists in the Xerte Project Xerte through 3.10.3 when downloading a project file via download.php.
by Rik Lutz
CVSS 6.5
CVE-2022-50689 EXPLOITDB MEDIUM python
Cobian Reflector 0.9.93 RC1 - Denial of Service via Password Field Buffer Overflow
Cobian Reflector 0.9.93 RC1 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the password input field. Attackers can paste a large 8000-byte buffer into the password field to trigger an application crash during SFTP task configuration.
by Luis Martínez
CVSS 6.2
CVE-2022-50687 EXPLOITDB MEDIUM python
Cobian Backup 11 Gravity 11.2.0.582 - DoS
Cobian Backup 11 Gravity 11.2.0.582 contains a denial of service vulnerability in the FTP password input field that allows attackers to crash the application. Attackers can generate a specially crafted 800-byte buffer and paste it into the password field to trigger an application crash.
by Luis Martínez
CVSS 5.5
EIP-2026-113290 EXPLOITDB python
WebHMI 4.1.1 - Remote Code Execution (RCE) (Authenticated)
by Antonio Cuomo
CVE-2022-25359 EXPLOITDB CRITICAL python
ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 - Unauthenticated Arbitrary File Write
On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, unauthenticated remote attackers can overwrite, delete, or create files.
by LiquidWorm
CVSS 9.1
CVE-2021-25076 EXPLOITDB HIGH python
WP User Frontend <3.5.26 - SQL Injection
The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting.
by Ron Jost
CVSS 8.8
CVE-2021-24762 EXPLOITDB CRITICAL python
The Perfect Survey WP <1.5.2 - SQL Injection
The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection.
by Ron Jost
CVSS 9.8
EIP-2026-113703 EXPLOITDB python
WordPress Plugin dzs-zoomsounds 6.60 - Remote Code Execution (RCE) (Unauthenticated)
by Overthinker1877
CVE-2022-22909 EXPLOITDB HIGH python
HotelDruid 3.0.3 - Remote Code Execution via Create New Room Name Field
HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module.
by 0z09e
CVSS 8.8
CVE-2021-45901 EXPLOITDB MEDIUM python
ServiceNow Orlando - Info Disclosure
The password-reset form in ServiceNow Orlando provides different responses to invalid authentication attempts depending on whether the username exists.
by Victor Hanna
CVSS 5.3
CVE-2021-24931 EXPLOITDB CRITICAL python
Wordpress Secure Copy Content Protection and Content Locking sccp_id Unauthenticated SQLi
The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an SQL injection.
by Ron Jost
CVSS 9.8
EIP-2026-119283 EXPLOITDB python
Wing FTP Server 4.3.8 - Remote Code Execution (RCE) (Authenticated)
by notcos