Python Exploits

6,652 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-25328 EXPLOITDB HIGH python
XnConvert 1.82 - Denial of Service via Registration Code Input Field
XnConvert 1.82 contains a denial of service vulnerability in its registration code input field that allows attackers to crash the application. Attackers can generate a 9000-byte buffer of repeated characters and paste it into the registration code field to trigger an application crash.
by Gokkulraj
CVSS 7.5
CVE-2019-25327 EXPLOITDB CRITICAL python
Prime95 29.8 build 6 - Remote Code Execution via User ID Input Field
Prime95 version 29.8 build 6 contains a buffer overflow vulnerability in the user ID input field that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the PrimeNet user ID and proxy host fields to trigger a bind shell on port 3110.
by stresser
CVSS 9.8
CVE-2019-25330 EXPLOITDB HIGH python
SurfOffline Professional 2.2.0.103 - Buffer Overflow
SurfOffline Professional 2.2.0.103 contains a structured exception handler (SEH) overflow vulnerability that allows attackers to crash the application by manipulating the project name input. Attackers can generate a malicious payload of 382 'A' characters followed by specific byte sequences to trigger a denial of service condition and overwrite SEH registers.
by Chris Inzinga
CVSS 7.5
CVE-2019-25329 EXPLOITDB HIGH python
FTP Navigator < 8.03 - Denial of Service via Custom Command Input
FTP Navigator 8.03 contains a denial of service vulnerability that allows attackers to crash the application by overwriting Structured Exception Handler (SEH) with malicious input. Attackers can generate a payload of 4108 'A' characters followed by 4 'B' characters and 40 'C' characters to trigger a program crash when pasted into the custom command input.
by Chris Inzinga
CVSS 7.5
CVE-2019-25321 EXPLOITDB CRITICAL python
FTP Navigator 8.03 - Stack-based Buffer Overflow via Custom Command Textbox
FTP Navigator 8.03 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload that triggers a buffer overflow when pasted into the Custom Command textbox, enabling remote code execution and launching the calculator as proof of concept.
by Chris Inzinga
CVSS 9.8
CVE-2019-25331 EXPLOITDB HIGH python
AVS Audio Converter 9.1 - Buffer Overflow
AVS Audio Converter 9.1 contains a local buffer overflow vulnerability that allows local attackers to overwrite CPU registers by manipulating the 'Exit folder' input field. Attackers can craft a specially designed text file with 264 bytes of padding followed by register overwrite values to compromise the application and potentially execute arbitrary code.
by ZwX
CVSS 8.4
CVE-2019-25318 EXPLOITDB HIGH python
AVS Audio Converter <9.1.2.600 - Code Injection
AVS Audio Converter 9.1.2.600 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by manipulating the output folder text input. Attackers can craft a malicious payload that overwrites stack memory and triggers a bind shell on port 9999 when the 'Browse' button is clicked.
by ZwX
CVSS 8.8
EIP-2026-116625 EXPLOITDB python
XnView 2.49.1 - 'Research' Denial of Service (PoC)
by ZwX
EIP-2026-104686 EXPLOITDB python
WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service
by roddux
EIP-2026-101866 EXPLOITDB python
Netgear R6400 - Remote Code Execution
by Kevin Randall
EIP-2026-100658 EXPLOITDB python
NopCommerce 4.2.0 - Privilege Escalation
by Alessandro Magnosi
CVE-2019-25332 EXPLOITDB HIGH python
FTP Commander Pro 8.03 - Buffer Overflow
FTP Commander Pro 8.03 contains a local stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting the EIP register through a custom command input. Attackers can craft a malicious payload of 4108 bytes to overwrite memory and execute shellcode, demonstrating remote code execution potential.
by boku
CVSS 8.4
EIP-2026-104322 EXPLOITDB python
ManageEngine Desktop Central - 'FileStorage getChartImage' Deserialization / Unauthenticated Remote Code Execution
by mr_me
CVE-2019-25334 EXPLOITDB MEDIUM python
Product Key Explorer 4.2.0.0 - Buffer Overflow
Product Key Explorer 4.2.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by overflowing the registration name input field. Attackers can create a specially crafted text file with repeated characters to trigger a buffer overflow when pasted into the registration name field, causing the application to crash.
by SajjadBnd
CVSS 6.2
EIP-2026-116097 EXPLOITDB python
Product Key Explorer 4.2.0.0 - 'Key' Denial of Service (PoC)
by SajjadBnd
EIP-2026-116096 EXPLOITDB python
Product Key Explorer 4.2.0.0 - 'Key' Denial of Service (PoC)
by SajjadBnd
CVE-2019-20049 EXPLOITDB CRITICAL python
Alcatel-Lucent OmniVista 4760 - Unauthenticated Remote Code Execution via Directory Traversal and Insecure File Upload
An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. A remote unauthenticated attacker can chain a directory traversal (which helps to bypass authentication) with an insecure file upload to achieve Remote Code Execution as SYSTEM. The directory traversal is in the __construct() whereas the insecure file upload is in SetSkinImages().
by 0x1911
CVSS 9.8
CVE-2019-20048 EXPLOITDB HIGH python
Alcatel-Lucent OmniVista 8770 < 4.1.12 - Authenticated Remote Code Execution via PHP File Upload
An issue was discovered on Alcatel-Lucent OmniVista 8770 devices before 4.1.2. An authenticated remote attacker, with elevated privileges in the Web Directory component on port 389, may upload a PHP file to achieve Remote Code Execution as SYSTEM.
by 0x1911
CVSS 7.2
CVE-2019-25336 EXPLOITDB HIGH python
SpotAuditor 5.3.2 - Buffer Overflow
SpotAuditor 5.3.2 contains a local buffer overflow vulnerability in the Base64 Encrypted Password tool that allows attackers to execute arbitrary code by crafting a malicious payload. Attackers can generate a specially crafted Base64 encoded payload to trigger a Structured Exception Handler (SEH) overwrite and execute shellcode on the vulnerable system.
by Kirill Nikolaev
CVSS 8.4
CVE-2019-20047 EXPLOITDB HIGH python
Alcatel-Lucent OmniVista 4760 and 8770 < 4.1.2 - Unauthenticated Credential Exposure via Session File Retrieval
An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and 8770 devices before 4.1.2. An incorrect web server configuration allows a remote unauthenticated attacker to retrieve the content of its own session files. Every session file contains the administrative LDAP credentials encoded in a reversible format. Sessions are stored in /sessions/sess_<sessionid>.
by 0x1911
CVSS 7.5
CVE-2019-17270 EXPLOITDB CRITICAL python
Yachtcontrol < 2019-10-06 - Unauthenticated OS Command Injection via systemcall.php Command Parameter
Yachtcontrol through 2019-10-06: It's possible to perform direct Operating System commands as an unauthenticated user via the "/pages/systemcall.php?command={COMMAND}" page and parameter, where {COMMAND} will be executed and returning the results to the client. Affects Yachtcontrol webservers disclosed via Dutch GPRS/4G mobile IP-ranges. IP addresses vary due to DHCP client leasing of telco's.
by Hodorsec
CVSS 9.8
EIP-2026-101061 EXPLOITDB python
Omron PLC 1.0.0 - Denial of Service (PoC)
by n0b0dy
CVE-2019-16702 EXPLOITDB CRITICAL python
Integard Pro 2.2.0.9026 - Buffer Overflow
Integard Pro 2.2.0.9026 allows remote attackers to execute arbitrary code via a buffer overflow involving a long NoJs parameter to the /LoginAdmin URI.
by purpl3f0xsecur1ty
CVSS 9.8
CVE-2019-15627 EXPLOITDB HIGH python VERIFIED
Trend Micro Deep Security Agent 10.0, 11.0, 12.0 - Arbitrary File Deletion via Improper Link Resolution
Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact. Local OS access is required. Please note that only Windows agents are affected.
by Peter Lapp
CVSS 7.1
CVE-2018-9022 EXPLOITDB CRITICAL python VERIFIED
Broadcom Privileged Access Manager < 2.8.2 - Unauthenticated Remote Code Execution via Configuration File Poisoning
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file.
by Peter Lapp
CVSS 9.8