Python Exploits

5,840 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-25679 EXPLOITDB HIGH python
RealTerm Serial Terminal 2.0.0.70 Buffer Overflow SEH
RealTerm Serial Terminal 2.0.0.70 contains a structured exception handling (SEH) buffer overflow vulnerability in the Echo Port tab that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a buffer overflow payload with a POP POP RET gadget chain and shellcode that triggers code execution when pasted into the Port field and the Change button is clicked.
by Matteo Malvica
CVSS 7.8
CVE-2019-25567 EXPLOITDB MEDIUM python
Valentina Studio 9.0.5 Linux Buffer Overflow via Host Field
Valentina Studio 9.0.5 Linux contains a buffer overflow vulnerability in the Host field of the connection dialog that allows local attackers to crash the application by supplying an oversized input string. Attackers can trigger the vulnerability by pasting a crafted buffer exceeding 264 bytes into the Host field during server connection attempts, causing a denial of service.
by Alejandra Sánchez
CVSS 6.2
EIP-2026-116495 EXPLOITDB python
Virtual VCR Max .0a - '.vcr' Buffer Overflow (PoC)
by Wade Guest
CVE-2019-9833 EXPLOITDB HIGH python
Screen Stream <3.0.15 - DoS
The Screen Stream application through 3.0.15 for Android allows remote attackers to cause a denial of service via many simultaneous /start-stop requests.
by s4vitar
CVSS 7.5
CVE-2018-25226 EXPLOITDB MEDIUM python
FTPShell Server 6.83 Denial of Service via Account Name
FTPShell Server 6.83 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the account name field. Attackers can trigger a denial of service by pasting a 417-byte payload into the 'Account name to ban' parameter within the Manage FTP Accounts interface.
by Victor Mondragón
CVSS 6.2
CVE-2018-25229 EXPLOITDB MEDIUM python
BulletProof FTP Server 2019.0.0.50 Denial of Service via SMTP
BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the SMTP configuration interface that allows local attackers to crash the application by supplying an oversized string. Attackers can input a buffer of 257 'A' characters in the SMTP Server field and trigger a crash by clicking the Test button.
by Victor Mondragón
CVSS 5.5
CVE-2018-25228 EXPLOITDB MEDIUM python
NetSetMan 4.7.1 Workgroup Buffer Overflow Denial of Service
NetSetMan 4.7.1 contains a buffer overflow vulnerability in the Workgroup feature that allows local attackers to crash the application by supplying oversized input. Attackers can create a malicious configuration file with excessive data and paste it into the Workgroup field to trigger a denial of service condition.
by Victor Mondragón
CVSS 6.2
CVE-2018-25227 EXPLOITDB MEDIUM python
Valentina Studio 9.0.4 Denial of Service via Host Parameter
Valentina Studio 9.0.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can trigger the crash by pasting a 256-byte buffer of repeated characters into the Host parameter during server connection attempts.
by Victor Mondragón
CVSS 6.2
CVE-2019-25570 EXPLOITDB MEDIUM python
RealTerm Serial Terminal 2.0.0.70 Denial of Service via Port Field
RealTerm Serial Terminal 2.0.0.70 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Port field. Attackers can paste a buffer of 1000 characters into the Port input field and click the open button to trigger a crash.
by Alejandra Sánchez
CVSS 5.5
CVE-2019-25569 EXPLOITDB MEDIUM python
RealTerm Serial Terminal 2.0.0.70 SEH Overflow Crash
RealTerm Serial Terminal 2.0.0.70 contains a stack-based buffer overflow vulnerability in the Echo Port field that allows local attackers to crash the application by triggering a structured exception handler (SEH) chain corruption. Attackers can craft a malicious input string with 268 bytes of padding followed by SEH overwrite values and paste it into the Port field to cause denial of service.
by Alejandra Sánchez
CVSS 6.2
CVE-2019-11393 EXPLOITDB CRITICAL python
M/Monit <3.7.3 - Privilege Escalation
An issue was discovered in /admin/users/update in M/Monit before 3.7.3. It allows unprivileged users to escalate their privileges to an administrator by requesting a password change and specifying the admin parameter.
by Dolev Farhi
CVSS 9.8
EIP-2026-115903 EXPLOITDB python
NBMonitor 1.6.5.0 - 'Key' Denial of Service (PoC)
by Alejandra Sánchez
EIP-2026-115902 EXPLOITDB python
NBMonitor 1.6.5.0 - 'Key' Denial of Service (PoC)
by Alejandra Sánchez
CVE-2018-19908 EXPLOITDB HIGH python
MISP <2.4.99 - Command Injection
An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filename of the STIX import.
by Tm9jdGlz
CVSS 8.8
CVE-2019-8387 EXPLOITDB CRITICAL python
MASTER IPCAMERA01 <3.3.4.2103 - RCE
MASTER IPCAMERA01 3.3.4.2103 devices allow Remote Command Execution, related to the thttpd component.
by Raffaele Sabato
CVSS 9.8
CVE-2019-25673 EXPLOITDB HIGH python
UniSharp Laravel File Manager v2.0.0-alpha7 Arbitrary File Upload
UniSharp Laravel File Manager v2.0.0-alpha7 and v2.0 contain an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by sending multipart form data to the upload endpoint. Attackers can upload PHP files with the type parameter set to Files and execute arbitrary code by accessing the uploaded file through the working directory path.
by Mohammad Danish
CVSS 8.8
CVE-2018-25238 EXPLOITDB MEDIUM python
VSCO 1.1.1.0 Denial of Service via Search
VSCO 1.1.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string through the search functionality. Attackers can paste a buffer of 5000 characters into the search bar and navigate back to trigger an application crash.
by 0xB9
CVSS 6.2
CVE-2018-25230 EXPLOITDB MEDIUM python
Free IP Switcher 3.1 Denial of Service via Computer Name
Free IP Switcher 3.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Computer Name field. Attackers can paste a malicious payload into the Computer Name input field and click Activate to trigger a denial of service condition that crashes the application.
by Victor Mondragón
CVSS 5.5
CVE-2019-25653 EXPLOITDB MEDIUM python
Navicat for Oracle 12.1.15 Password Field Denial of Service
Navicat for Oracle 12.1.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer of 550 repeated characters into the password parameter during Oracle connection configuration to trigger an application crash.
by Victor Mondragón
CVSS 6.2
CVE-2019-8341 EXPLOITDB CRITICAL python
Pocoo Jinja2 - Code Injection
An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing
by JameelNabbo
CVSS 9.8
CVE-2019-9831 EXPLOITDB HIGH python VERIFIED
AirMore <1.6.1 - DoS
The AirMore application through 1.6.1 for Android allows remote attackers to cause a denial of service (system hang) via many simultaneous /?Key=PhoneRequestAuthorization requests.
by s4vitar
CVSS 7.5
CVE-2019-25654 EXPLOITDB HIGH python
Core FTP/SFTP Server 1.2 Denial of Service via Buffer Overflow
Core FTP/SFTP Server 1.2 contains a buffer overflow vulnerability that allows attackers to crash the service by supplying an excessively long string in the User domain field. Attackers can paste a malicious payload containing 7000 bytes of data into the domain configuration to trigger an application crash and deny service.
by Victor Mondragón
CVSS 7.5
CVE-2019-25571 EXPLOITDB MEDIUM python
MediaMonkey 4.1.23 Denial of Service via Malformed URL
MediaMonkey 4.1.23 contains a denial of service vulnerability that allows local attackers to crash the application by opening a specially crafted MP3 file containing an excessively long URL string. Attackers can create a malicious MP3 file with a buffer containing 4000 bytes of data appended to a URL, which causes the application to crash when the file is opened through the File > Open URL dialog.
by Alejandra Sánchez
CVSS 6.2
CVE-2019-9601 EXPLOITDB HIGH python VERIFIED
ApowerManager <3.1.7 - DoS
The ApowerManager application through 3.1.7 for Android allows remote attackers to cause a denial of service via many simultaneous /?Key=PhoneRequestAuthorization requests.
by s4vitar
CVSS 7.5
EIP-2026-115934 EXPLOITDB python
NetworkSleuth 3.0 - 'Name' Denial of Service (PoC)
by Alejandra Sánchez
By Source
All 5,840 Exploitdb 50,135 Writeup 46,974 Nomisec 21,281 Metasploit 3,228 Github 2,465 Vulncheck_xdb 900 Inthewild 518 Gitlab 440 Gitee 415 Patchapalooza 312
By Language
text 31,346 ruby 5,959 python 5,840 c 3,571 perl 2,854 html 2,055 php 1,334 bash 459 java 361 javascript 260 c++ 247 shell 89 go 48 postscript 25 xml 24