Python Exploits

6,637 exploits tracked across all sources.

CVE-2020-36880 EXPLOITDB HIGH python
Flexsense DiskBoss 7.7.14 - Buffer Overflow
Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Reports and Data Directory' field that allows an attacker to execute arbitrary code on the system.
by MasterVlad
CVSS 7.8
EIP-2026-115020 EXPLOITDB python
Calavera UpLoader 3.5 - 'FTP Logi' Denial of Service (PoC + SEH Overwrite)
by Felipe Winsnes
CVE-2016-9488 EXPLOITDB CRITICAL python
ManageEngine Applications Manager 12-13 < 13200 - Unauthenticated SQL Injection via MenuHandlerServlet
ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker could extract users' password hashes, which are MD5 hashes without salt, and, depending on the database type and its configuration, could also execute operating system commands using SQL queries.
by aldorm
CVSS 9.8
CVE-2020-5902 EXPLOITDB CRITICAL python
BIG-IP 11.6.1-11.6.5.1 - Remote Code Execution via TMUI Undisclosed Pages
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
by Carlos E. Vieira
CVSS 9.8
CVE-2020-37029 EXPLOITDB HIGH python
FTPDummy 4.80 - Local Buffer Overflow via Preference File Handling
FTPDummy 4.80 contains a local buffer overflow vulnerability in its preference file handling that allows attackers to execute arbitrary code. Attackers can craft a malicious preference file with carefully constructed shellcode to trigger a structured exception handler overwrite and execute system commands.
by Felipe Winsnes
CVSS 8.4
CVE-2020-37005 EXPLOITDB HIGH python
TimeClock Software 1.01 - Authenticated SQL Injection
TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the add_entry.php endpoint to determine user existence by measuring response time differences.
by François Bibeau
CVSS 7.1
EIP-2026-117917 EXPLOITDB python
Snes9K 0.09z - 'Port Number' Buffer Overflow (SEH)
by MasterVlad
CVE-2019-25232 EXPLOITDB CRITICAL python
NetPCLinker 1.0.0.0 - Buffer Overflow
NetPCLinker 1.0.0.0 contains a buffer overflow vulnerability in the Clients Control Panel DNS/IP field that allows attackers to execute arbitrary shellcode. Attackers can craft a malicious payload in the DNS/IP input to overwrite SEH handlers and execute shellcode when adding a new client.
by Saeed reza Zamanian
CVSS 9.8
EIP-2026-104447 EXPLOITDB python
Sophos VPN Web Panel 2020 - Denial of Service (Poc)
by Berk KIRAS
CVE-2020-37031 EXPLOITDB HIGH python
Simple Startup Manager 1.17 - Buffer Overflow
Simple Startup Manager 1.17 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory through the 'File' input parameter. Attackers can craft a malicious payload with 268 bytes to trigger code execution, bypassing DEP and overwriting memory addresses to launch calc.exe.
by PovlTekstTV
CVSS 8.4
CVE-2019-16116 EXPLOITDB MEDIUM python
EnterpriseDT CompleteFTP Server <12.1.3 - Info Disclosure
EnterpriseDT CompleteFTP Server prior to version 12.1.3 is vulnerable to information exposure in the Bootstrap.log file. This allows an attacker to obtain the administrator password hash.
by 1F98D
CVSS 4.3
CVE-2020-37027 EXPLOITDB CRITICAL python
Sickbeard alpha - Command Injection
Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicious commands in the extra scripts field and trigger processing to execute remote code on the vulnerable Sickbeard installation.
by bdrake
CVSS 9.8
EIP-2026-115250 EXPLOITDB python
Fire Web Server 0.1 - Remote Denial of Service (PoC)
by Saeed reza Zamanian
EIP-2026-114614 EXPLOITDB python
ZenTao Pro 8.8.2 - Command Injection
by Daniel Monzón
CVE-2020-37036 EXPLOITDB HIGH python
RM Downloader 2.50.60 - Buffer Overflow
RM Downloader 2.50.60 contains a local buffer overflow vulnerability in the 'Load' parameter that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload with an egg hunter technique to bypass memory protections and execute commands like launching calc.exe.
by Paras Bhatia
CVSS 8.4
CVE-2020-37038 EXPLOITDB HIGH python
Code Blocks 20.03 - Denial of Service via FSymbols Search Field
Code Blocks 20.03 contains a denial of service vulnerability that allows attackers to crash the application by manipulating input in the FSymbols search field. Attackers can paste a large payload of 5000 repeated characters into the search field to trigger an application crash.
by Paras Bhatia
CVSS 7.5
EIP-2026-112449 EXPLOITDB python
Student Enrollment 1.0 - Unauthenticated Remote Code Execution
by Enesdex
CVE-2020-37040 EXPLOITDB HIGH python
Code Blocks 17.12 - Buffer Overflow
Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious file name with Unicode characters. Attackers can trigger the vulnerability by pasting a specially crafted payload into the file name field during project creation, potentially executing system commands like calc.exe.
by Paras Bhatia
CVSS 8.4
CVE-2020-5515 EXPLOITDB HIGH python
Gila CMS 1.11.8 - SQL Injection via Admin SQL Query Parameter
Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection.
by BillyV4
CVSS 7.2
CVE-2020-12712 EXPLOITDB HIGH python
SOS JobScheduler <1.13 - Info Disclosure
A vulnerability based on insecure user/password encryption in the JOE (job editor) component of SOS JobScheduler 1.12 and 1.13 allows attackers to decrypt the user/password that is optionally stored with a user's profile.
by Sander Ubink
CVSS 7.5
EIP-2026-101868 EXPLOITDB python
Netgear R7000 Router - Remote Code Execution
by grimm-co
EIP-2026-104437 EXPLOITDB python
SmarterMail 16 - Arbitrary File Upload
by vvhack.org
CVE-2020-37042 EXPLOITDB HIGH python
Frigate Professional 3.36.0.9 - Buffer Overflow
Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the 'Find Computer' feature that allows attackers to execute arbitrary code by overflowing the computer name input field. Attackers can craft a malicious payload that triggers a buffer overflow, enabling code execution and launching calculator as a proof of concept.
by Paras Bhatia
CVSS 8.4
CVE-2020-37043 EXPLOITDB CRITICAL python
10-Strike Bandwidth Monitor 3.9 - Buffer Overflow
10-Strike Bandwidth Monitor 3.9 contains a buffer overflow vulnerability that allows attackers to bypass SafeSEH, ASLR, and DEP protections through carefully crafted input. Attackers can exploit the vulnerability by sending a malicious payload to the application's registration key input, enabling remote code execution and launching arbitrary system commands.
by boku
CVSS 9.8
EIP-2026-103921 EXPLOITDB python
HFS Http File Server 2.3m Build 300 - Buffer Overflow (PoC)
by hyp3rlinx