Python Exploits
5,901 exploits tracked across all sources.
Arm Whois 3.11 - Denial of Service (PoC)
by Yair Rodríguez Aparicio
SmartFTP Client 9.0.2615.0 Denial of Service via Host Field
SmartFTP Client 9.0.2615.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can paste a buffer of 300 repeated characters into the Host connection parameter to trigger an application crash.
by Victor Mondragón
CVSS 6.2
Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution
by Jakub Palaczynski
R 3.4.4 (Windows 10 x64) - Buffer Overflow (DEP/ASLR Bypass)
by Charles Truscott
QNAP NetBak Replicator 4.5.6.0607 - Denial of Service (PoC)
by Yair Rodríguez Aparicio
Nutanix AOS & Prism < 5.5.5 (LTS) / < 5.8.1 (STS) - SFTP Authentication Bypass
by Adam Brown
Navicat 12.0.29 - 'SSH' Denial of Service (PoC)
by Rafael Alfaro
AlienIP 2.41 - Denial of Service (PoC)
by Arturo de la Cruz Tellez
Paramiko <2.4.1 - RCE
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
by Adam Brown
CVSS 9.8
Exim < 4.90.1 - Buffer Overflow
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
by hackk.gr
CVSS 9.8
Apache OFBiz 16.11.04 - XML External Entity Injection
by Jamie Parfet
Microsoft Windows 10 - Local Privilege Escalation (UAC Bypass)
by Fabien DROMAS
libssh Authentication Bypass Scanner
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
by jas502n
CVSS 9.1
libssh Authentication Bypass Scanner
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
by Dayanç Soyadlı
CVSS 9.1
Any Sound Recorder 2.93 - Buffer Overflow (SEH)
by Abdullah Alıç
Any Sound Recorder 2.93 - Buffer Overflow (SEH)
by Abdullah Alıç
Snes9K 0.0.9z Buffer Overflow SEH via Netplay Socket
Snes9K 0.0.9z contains a buffer overflow vulnerability in the Netplay Socket Port Number field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Attackers can craft a malicious payload and paste it into the Socket Port Number field via the Netplay Options menu to achieve code execution through SEH chain exploitation.
by Abdullah Alıç
CVSS 8.4
FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution
by LiquidWorm
Phoenix Contact ILC PLCs - Info Disclosure
The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled.
by Photubias
CVSS 7.3
Phoenix Contact ILC PLCs - Info Disclosure
The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication.
by Photubias
CVSS 7.3
Phoenix Contact ILC PLC - Info Disclosure
Webvisit in Phoenix Contact ILC PLCs offers a password macro to protect HMI pages on the PLC against casual or coincidental opening of HMI pages by the user. The password macro can be configured in a way that the password is stored and transferred in clear text.
by Photubias
CVSS 7.3
By Source