Python Exploits
5,840 exploits tracked across all sources.
NetworkSleuth 3.0 - 'Name' Denial of Service (PoC)
by Alejandra Sánchez
Canonical snapd <2.37.1 - Command Injection
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.
by Chris Moberly
CVSS 9.8
Canonical snapd <2.37.1 - Command Injection
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.
by Chris Moberly
CVSS 9.8
Shenzhen Skyworth DT741 - DoS/Remote Code Execution
An issue was discovered on Shenzhen Skyworth DT741 Converged Intelligent Terminal (G/EPON+IPTV) SDOTBGN1, DT721-cb SDOTBGN1, and DT741-cb SDOTBGN1 devices. A long password to the Web_passwd function allows remote attackers to cause a denial of service (segmentation fault) or achieve unauthenticated remote code execution because of control of registers S0 through S4 and T4 through T7.
by Kaustubh G. Padwad
CVSS 9.8
VA MAX 8.3.4 Remote Code Execution via changeip.php
VA MAX 8.3.4 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the mtu_eth0 parameter. Attackers can send POST requests to the changeip.php endpoint with malicious payload in the mtu_eth0 field to execute commands as the apache user.
by Cody Sixteen
CVSS 8.8
River Past Video Cleaner 7.6.3 Buffer Overflow via SEH
River Past Video Cleaner 7.6.3 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lame_enc.dll field. Attackers can craft a payload with 280 bytes of padding, a next structured exception handler override, and shellcode to trigger code execution when the application processes the input.
by crash_manucoot
CVSS 8.4
River Past CamDo 3.7.6 Structured Exception Handler Buffer Overflow
River Past CamDo 3.7.6 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lame_enc.dll name field. Attackers can craft a payload with a 280-byte buffer, NSEH jump instruction, and SEH handler address pointing to a pop-pop-ret gadget to trigger code execution and establish a bind shell on port 3110.
by Achilles
CVSS 8.4
NordVPN 6.19.6 Denial of Service via Email Field Buffer Overflow
NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the email input field. Attackers can paste a buffer of 100,000 characters into the email field during login to trigger an application crash.
by Alejandra Sánchez
CVSS 6.2
Aveva Indusoft Web Studio - Missing Authentication
AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. Code is executed under the program runtime privileges, which could lead to the compromise of the machine.
by Jacob Baines
CVSS 9.8
IP-Tools 2.5 - 'Log to file' Local Buffer Overflow (SEH) (Egghunter)
by Juan Prescotto
IP-Tools 2.5 - 'Log to file' Local Buffer Overflow (SEH) (Egghunter)
by Juan Prescotto
Avast Anti-Virus < 19.1.2360 - Local Credentials Disclosure
by Nathu Nandwani
AVEVA Software, LLC InduSoft Web Studio <8.1 SP3 & InTouch Edge HMI...
AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. An unauthenticated remote user could use a specially crafted database connection configuration file to execute an arbitrary process on the server machine.
by Jacob Baines
CVSS 7.5
River Past Audio Converter 7.7.16 - Buffer Overflow (SEH)
by Matteo Malvica
River Past Audio Converter 7.7.16 - Buffer Overflow (SEH)
by Matteo Malvica
Device Monitoring Studio 8.10.00.8925 Denial of Service
Device Monitoring Studio 8.10.00.8925 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the server connection dialog. Attackers can trigger the crash by entering a malformed server name or address containing repeated characters through the Tools menu Connect to New Server interface.
by Victor Mondragón
CVSS 6.2
River Past Audio Converter 7.7.16 Local Buffer Overflow DoS
River Past Audio Converter 7.7.16 contains a local buffer overflow vulnerability in the activation code field that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a large payload of repeated characters into the 'E-Mail and Activation Code' field and click 'Activate' to trigger a denial of service condition.
by Achilles
CVSS 5.5
SpotAuditor 3.6.7 Denial of Service Buffer Overflow
SpotAuditor 3.6.7 contains a local buffer overflow vulnerability in the Base64 Password Decoder component that allows attackers to crash the application. Attackers can supply an oversized Base64 string through the decoder interface to trigger a denial of service condition.
by Rafael Pedrero
CVSS 6.2
River Past Ringtone Converter 2.7.6.1601 Buffer Overflow DoS
River Past Ringtone Converter 2.7.6.1601 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying oversized input to activation fields. Attackers can paste 300 bytes of data into the Email textbox and Activation code textarea via the Help menu's Activate dialog to trigger a denial of service condition.
by Rafael Pedrero
CVSS 6.2
TaskInfo 8.2.0.280 Denial of Service Buffer Overflow
TaskInfo 8.2.0.280 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying oversized input to registration fields. Attackers can paste excessively long strings into the New User Name or New Serial Number textboxes in the Help menu's registration dialog to trigger a denial of service condition.
by Rafael Pedrero
CVSS 6.2
MyVideoConverter Pro 3.14 Denial of Service Buffer Overflow
MyVideoConverter Pro 3.14 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string to the registration code input field. Attackers can paste a malicious payload containing 10000 bytes into the 'Copy and Paste Registration Code' field to trigger a denial of service condition.
by Achilles
CVSS 6.2
Remote Process Explorer 1.0.0.16 Local Buffer Overflow DoS
Remote Process Explorer 1.0.0.16 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by sending a crafted payload to the Add Computer dialog. Attackers can paste a malicious string into the computer name textbox and trigger a crash by connecting to the added computer, overwriting the SEH chain and corrupting exception handlers.
by Rafael Pedrero
CVSS 6.2
PassFab Excel Password Recovery 8.3.1 SEH Buffer Overflow
PassFab Excel Password Recovery 8.3.1 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the registration code field. Attackers can craft a buffer overflow payload with a pop-pop-ret gadget and shellcode that triggers code execution when pasted into the Licensed E-mail and Registration Code field during the registration process.
by Achilles
CVSS 8.4
By Source