Python Exploits
6,637 exploits tracked across all sources.
Dameware Remote Support 12.1.1.273 - Buffer Overflow (SEH)
by gurbanli
Complaint Management System 1.0 - 'username' SQL Injection
by Daniel Ortiz
Remote Desktop Audit 2.3.0.157 - RCE
Remote Desktop Audit 2.3.0.157 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code during the Add Computers Wizard file import process. Attackers can craft a malicious payload file to trigger a structured exception handler (SEH) bypass and execute shellcode when importing computer lists.
by gurbanli
CVSS 9.8
LanSend 3.2 - Remote Code Execution via Add Computers Wizard File Import
LanSend 3.2 contains a buffer overflow vulnerability in the Add Computers Wizard file import functionality that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload file to trigger a structured exception handler (SEH) overwrite and execute shellcode when importing computers from a file.
by gurbanli
CVSS 9.8
TylerTech Eagle 2018.3.11 - Remote Code Execution via Untrusted Java Deserialization
TylerTech Eagle 2018.3.11 deserializes untrusted user input, resulting in remote code execution via a crafted Java object to the recorder/ServiceManager?service=tyler.empire.settings.SettingManager URI.
by Anthony Cole
CVSS 8.8
WordPress Plugin Simple File List 4.2.2 - Remote Code Execution
by coiffeur
Pi-Hole heisenbergCompensator Blocklist OS Command Execution
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges to root.) The code error is in gravity_DownloadBlocklistFromUrl in gravity.sh.
by Nick Frichette
CVSS 8.8
Pi-Hole heisenbergCompensator Blocklist OS Command Execution
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges to root.) The code error is in gravity_DownloadBlocklistFromUrl in gravity.sh.
by Nick Frichette
CVSS 8.8
VirtualTablet Server 3.0.2 - Denial of Service via Oversized Thrift Payload
VirtualTablet Server 3.0.2 contains a denial of service vulnerability that allows attackers to crash the service by sending oversized string payloads through the Thrift protocol. Attackers can exploit the vulnerability by sending a long string to the send_say() method, causing the server to become unresponsive.
by Dolev Farhi
CVSS 7.5
Open-AudIT Professional 3.3.1 - Remote Code Execution
by Askar
RM Downloader 3.1.3.2.2010.06.13 - 'Load' Buffer Overflow (SEH)
by Felipe Winsnes
CarbonFTP 1.4 - Use of a Broken or Risky Cryptographic Algorithm
CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary.
by hyp3rlinx
CVSS 5.5
Atomic Alarm Clock 6.3 Stack Overflow via SEH Unicode
Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string to the display name textbox in the Time Zones Clock configuration. Attackers can craft a buffer with structured exception handling overwrite and encoded shellcode to bypass SafeSEH protections and execute arbitrary commands with application privileges.
by boku
CVSS 8.4
Rubo DICOM Viewer 2.0 - Buffer Overflow
Rubo DICOM Viewer 2.0 contains a buffer overflow vulnerability in the DICOM server name input field that allows attackers to overwrite Structured Exception Handler (SEH). Attackers can craft a malicious text file with carefully constructed payload to execute arbitrary code by overwriting SEH and triggering remote code execution.
by bzyo
CVSS 9.8
Nsasoft Nsauditor 3.0.28 and 3.2.1.0 - Stack-based Buffer Overflow via DNS Lookup Tool
Nsauditor 3.0.28 and 3.2.1.0 contains a buffer overflow vulnerability in the DNS Lookup tool that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious DNS query payload to trigger a three-byte overwrite, bypass ASLR, and execute shellcode through a carefully constructed exploit.
by Cervoise
CVSS 9.8
CODE::BLOCKS 16.01 - Buffer Overflow
CODE::BLOCKS 16.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler with crafted Unicode characters. Attackers can create a malicious M3U playlist file with 536 bytes of buffer and shellcode to trigger remote code execution.
by T3jv1l
CVSS 5.5
Easy MPEG to DVD Burner 1.7.11 - Buffer Overflow (SEH + DEP)
by Bailey Belisario
B64dec 1.1.2 - Stack-based Buffer Overflow via Crafted Base64 Input
B64dec 1.1.2 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) with crafted input. Attackers can leverage an egg hunter technique and carefully constructed payload to inject and execute malicious code during base64 decoding process.
by Andy Bowden
CVSS 9.8
By Source