Python Exploits

6,637 exploits tracked across all sources.

Sort: Activity Stars
CVE-2020-37139 EXPLOITDB HIGH python
Odin Secure FTP Expert 7.6.3 - Buffer Overflow
Odin Secure FTP Expert 7.6.3 contains a local denial of service vulnerability that allows attackers to crash the application by manipulating site information fields. Attackers can generate a buffer overflow by pasting 108 bytes of repeated characters into connection fields, causing the application to crash.
by Ivan Marmolejo
CVSS 8.4
CVE-2020-37138 EXPLOITDB CRITICAL python
10-Strike Network Inventory Explorer 9.03 - Buffer Overflow
10-Strike Network Inventory Explorer 9.03 contains a buffer overflow vulnerability in the file import functionality that allows remote attackers to execute arbitrary code. Attackers can craft a malicious text file with carefully constructed payload to trigger a stack-based buffer overflow and bypass data execution prevention through a ROP chain.
by Hodorsec
CVSS 9.8
EIP-2026-100945 EXPLOITDB python
Zen Load Balancer 3.10.1 - Remote Code Execution
by Cody Sixteen
CVE-2020-37140 EXPLOITDB MEDIUM python
Everest 5.50.2100 - Denial of Service via File Open Dialog Buffer Overflow
Everest, later referred to as AIDA64, 5.50.2100 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating file open functionality. Attackers can generate a 450-byte buffer of repeated characters and paste it into the file open dialog to trigger an application crash.
by Ivan Marmolejo
CVSS 5.5
EIP-2026-117106 EXPLOITDB python
Easy RM to MP3 Converter 2.7.3.700 - 'Input' Local Buffer Overflow (SEH)
by Felipe Winsnes
EIP-2026-111691 EXPLOITDB python
rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution
by vikingfr
EIP-2026-102386 EXPLOITDB python
Jinfornet Jreport 15.6 - Unauthenticated Directory Traversal
by hongphukt
EIP-2026-105777 EXPLOITDB python
Centreo 19.10.8 - 'DisplayServiceStatus' Remote Code Execution
by Engin Demirbilek
CVE-2020-9375 EXPLOITDB HIGH python
TP-Link Archer C50 V3 - Denial of Service via Crafted HTTP Referer Header
TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allows remote attackers to cause a denial of service via a crafted HTTP Header containing an unexpected Referer field.
by thewhiteh4t
CVSS 7.5
CVE-2020-37142 EXPLOITDB HIGH python
10-Strike Network Inventory Explorer 8.54 - Buffer Overflow
10-Strike Network Inventory Explorer 8.54 contains a structured exception handler buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting SEH records. Attackers can craft a malicious payload targeting the 'Computer' parameter during the 'Add' function to trigger remote code execution.
by Felipe Winsnes
CVSS 8.4
CVE-2020-5722 EXPLOITDB CRITICAL python
Grandstream UCM6200 <1.0.19.20 - SQL Injection
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17.
by Jacob Baines
CVSS 9.8
CVE-2020-37143 EXPLOITDB HIGH python
ProficySCADA for iOS <5.0.25920 - DoS
ProficySCADA for iOS 5.0.25920 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the password input field. Attackers can overwrite the password field with 257 bytes of repeated characters to trigger an application crash and prevent successful authentication.
by Ivan Marmolejo
CVSS 7.5
CVE-2020-10879 EXPLOITDB CRITICAL python
rconfig < 3.9.5 - OS Command Injection via nodeId Parameter
rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped.
by Matthew Aberegg
CVSS 9.8
CVE-2019-15126 EXPLOITDB LOW python
Apple Ipados < 13.2 - TOCTOU Race Condition
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.
by Maurizio S
CVSS 3.1
CVE-2020-10389 EXPLOITDB HIGH python
Chadha PHPKB Standard Multi-Language 9 - Authenticated Remote Code Execution via Global Settings POST Parameters
admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by injecting PHP code into any POST parameter when saving global settings.
by Antonio Cannito
CVSS 7.2
CVE-2020-10387 EXPLOITDB MEDIUM python
Chadha PHPKB Standard Multi-Language 9 - Authenticated Path Traversal via Download Parameter
Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to download files from the server using a dot-dot-slash sequence (../) via the GET parameter file.
by Antonio Cannito
CVSS 4.9
CVE-2020-10386 EXPLOITDB HIGH python
Chadha PHPKB Standard Multi-Language 9 - Unauthenticated Remote Code Execution via Image Upload
admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading a .php file in the admin/js/ directory.
by Antonio Cannito
CVSS 7.2
EIP-2026-116789 EXPLOITDB python
AnyBurn 4.8 - Buffer Overflow (SEH)
by Richard Davy
EIP-2026-101257 EXPLOITDB python
Drobo 5N2 4.1.1 - Remote Command Injection
by Ian Sindermann
CVE-2020-10221 EXPLOITDB HIGH python
rconfig < 3.9.4 - Authenticated Remote Code Execution via fileName POST Parameter
lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter.
by Engin Demirbilek
CVSS 8.8
CVE-2020-10220 EXPLOITDB CRITICAL python
Rconfig 3.x Chained Remote Code Execution
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.
by vikingfr
CVSS 9.8
EIP-2026-112578 EXPLOITDB python
TeamCity Agent XML-RPC 10.0 - Remote Code Execution
by 1F98D
CVE-2019-12765 EXPLOITDB CRITICAL python
Joomla! 3.9.0-3.9.6 - CSV Injection in com_actionlogs Export
An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection.
by i4bdullah
CVSS 9.8
CVE-2020-8866 EXPLOITDB MEDIUM python
Horde Groupware Webmail Edition 5.2.22 - RCE
This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10125.
by Andrea Cardaci
CVSS 6.5
CVE-2020-8866 EXPLOITDB MEDIUM python
Horde Groupware Webmail Edition 5.2.22 - RCE
This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within add.php. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the www-data user. Was ZDI-CAN-10125.
by Andrea Cardaci
CVSS 6.5
By Source
All 6,637 Writeup 62,600 Exploitdb 50,076 Nomisec 22,502 Github 3,754 Metasploit 3,315 Vulncheck_xdb 930 Inthewild 514 Gitlab 483 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,637 ruby 6,006 c 3,635 perl 2,849 html 2,076 php 1,334 bash 462 java 371 c++ 261 javascript 231 shell 140 go 74 postscript 25 typescript 25