Python Exploits

5,832 exploits tracked across all sources.

CVE-2019-25601 EXPLOITDB MEDIUM python
UltraVNC Launcher 1.2.2.4 Denial of Service Buffer Overflow
UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe property field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 300-byte payload of repeated characters through the Properties dialog to trigger a denial of service condition.
by Victor Mondragón
CVSS 6.2
CVE-2019-25600 EXPLOITDB MEDIUM python
UltraVNC Viewer 1.2.2.4 Denial of Service via Buffer Overflow
UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized string to the VNC Server input field. Attackers can paste a malicious string containing 256 repeated characters into the VNC Server field and click Connect to trigger a buffer overflow that crashes the viewer.
by Victor Mondragón
CVSS 6.5
EIP-2026-119090 EXPLOITDB python VERIFIED
RemoteMouse 3.008 - Arbitrary Remote Command Execution
by 0rphon
EIP-2026-118752 EXPLOITDB python
MailCarrier 2.51 - POP3 'USER' Buffer Overflow
by Dino Covotsos
EIP-2026-118751 EXPLOITDB python
MailCarrier 2.51 - POP3 'USER' Buffer Overflow
by Dino Covotsos
EIP-2026-118750 EXPLOITDB python
MailCarrier 2.51 - POP3 'TOP' SEH Buffer Overflow
by Dino Covotsos
EIP-2026-118749 EXPLOITDB python
MailCarrier 2.51 - POP3 'TOP' SEH Buffer Overflow
by Dino Covotsos
EIP-2026-118746 EXPLOITDB python
MailCarrier 2.51 - POP3 'LIST' SEH Buffer Overflow
by Dino Covotsos
EIP-2026-118745 EXPLOITDB python
MailCarrier 2.51 - POP3 'LIST' SEH Buffer Overflow
by Dino Covotsos
EIP-2026-118744 EXPLOITDB python
MailCarrier 2.51 - 'RCPT TO' Buffer Overflow
by Dino Covotsos
EIP-2026-118743 EXPLOITDB python
MailCarrier 2.51 - 'RCPT TO' Buffer Overflow
by Dino Covotsos
CVE-2019-25619 EXPLOITDB HIGH python
FTP Shell Server 6.83 Buffer Overflow via Account Name
FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Attackers can inject shellcode through the account name parameter in the Manage FTP Accounts dialog to overwrite the return address and execute calc.exe or other commands.
by Dino Covotsos
CVSS 8.4
EIP-2026-117222 EXPLOITDB python
FTPShell Server 6.83 - 'Virtual Path Mapping' Local Buffer
by Dino Covotsos
EIP-2026-117221 EXPLOITDB python
FTPShell Server 6.83 - 'Virtual Path Mapping' Local Buffer
by Dino Covotsos
EIP-2026-106404 EXPLOITDB python
Dell KACE Systems Management Appliance (K1000) 6.4.120756 - Unauthenticated Remote Code Execution
by Julien Ahrens
CVE-2019-0227 EXPLOITDB HIGH python
Apache Axis < 7.3.5 - SSRF
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits continue in the project's Axis 1.x Subversion repository; legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2; the latest version is 1.7.9 and is not vulnerable to this issue.
by David Yesland
CVSS 7.5
CVE-2019-6989 EXPLOITDB HIGH python
TP-Link TL-WR940N - Buffer Overflow
TP-Link TL-WR940N is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the ipAddrDispose function. By sending specially crafted ICMP echo request packets, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges.
by Grzegorz Wypych
CVSS 8.8
CVE-2019-25626 EXPLOITDB HIGH python
River Past Cam Do 3.7.6 Local Buffer Overflow in Activation Code
River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability in the activation code input field that allows local attackers to execute arbitrary code by supplying a malicious activation code string. Attackers can craft a buffer containing 608 bytes of junk data followed by shellcode and SEH chain overwrite values to trigger code execution when the activation dialog processes the input.
by Chris Au
CVSS 8.4
CVE-2019-25628 EXPLOITDB CRITICAL python
Download Accelerator Plus DAP 10.0.6.0 SEH Buffer Overflow
Download Accelerator Plus DAP 10.0.6.0 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting malicious URLs. Attackers can create specially crafted URLs with overflowing buffer data that overwrites SEH pointers and executes embedded shellcode when imported through the application's web page import functionality.
by Peyman Forouzan
CVSS 9.8
CVE-2019-25627 EXPLOITDB HIGH python
FlexHEX 2.71 Local Buffer Overflow via SEH Unicode
FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overflow. Attackers can craft a malicious text file with carefully aligned shellcode and SEH chain pointers, paste the contents into the Stream Name dialog, and execute arbitrary commands like calc.exe when the exception handler is triggered.
by Chris Au
CVSS 8.4
EIP-2026-116770 EXPLOITDB python
AllPlayer 7.4 - SEH Buffer Overflow (Unicode)
by Chris Au
EIP-2026-116769 EXPLOITDB python
AllPlayer 7.4 - SEH Buffer Overflow (Unicode)
by Chris Au
CVE-2018-1160 EXPLOITDB CRITICAL python VERIFIED
Netatalk <3.1.12 - RCE
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.
by muts
CVSS 9.8
CVE-2019-25629 EXPLOITDB HIGH python
AIDA64 Extreme 5.99.4900 SEH Buffer Overflow via Logging
AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in the logging functionality that allows local attackers to execute arbitrary code by supplying a malicious CSV log file path. Attackers can inject shellcode through the Hardware Monitoring logging preferences to overflow the buffer and trigger code execution when the application processes the log file path.
by Peyman Forouzan
CVSS 8.4
CVE-2019-10008 EXPLOITDB HIGH python
Zoho ManageEngine ServiceDesk 9.3 - Privilege Escalation
Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically converted into an established administrator session when the guest user enters the administrator username, with an arbitrary incorrect password, in an mc/ login attempt within a different browser tab.
by Ata Hakçıl, Melih Kaan Yıldız
CVSS 8.8