Python Exploits

5,908 exploits tracked across all sources.

EIP-2026-112936 EXPLOITDB python
userSpice 4.3.24 - Username Enumeration
by Dolev Farhi
CVE-2018-10088 EXPLOITDB CRITICAL python
XiongMai uc-httpd 1.0.0 - Buffer Overflow
Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725.
by Andrew Watson
CVSS 9.8
CVE-2018-10118 EXPLOITDB MEDIUM python
Monstra CMS 3.0.4 - XSS
Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New Page screen under the admin/index.php?id=pages URI, related to plugins/box/pages/pages.admin.php.
by DEEPIN2
CVSS 4.8
EIP-2026-119508 EXPLOITDB python
10-Strike Network Scanner 3.0 - Local Buffer Overflow (SEH)
by Hashim Jawad
EIP-2026-119507 EXPLOITDB python
10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH)
by Hashim Jawad
EIP-2026-119506 EXPLOITDB python
10-Strike Network Inventory Explorer 8.54 - 'Registration Key' Buffer Overflow (SEH)
by Hashim Jawad
EIP-2026-116963 EXPLOITDB python
Clone2GO Video converter 2.8.2 - Buffer Overflow
by Gokul Babu
CVE-2018-11564 EXPLOITDB MEDIUM python
Pagekit < 1.0.13 - XSS
Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the picture upload feature. A user with elevated privileges could upload a photo to the system in an SVG format. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/poc.svg" that will point to http://localhost/pagekit/storage/poc.svg. When a user comes along to click that link, it will trigger an XSS attack.
by DEEPIN2
CVSS 4.8
CVE-2018-8718 EXPLOITDB HIGH python
Mailer Plugin 1.20 for Jenkins 2.111 - CSRF
Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request.
by Kl3_GMjq6
CVSS 8.0
CVE-2018-16302 EXPLOITDB HIGH python
Mc1soft Zip-n-go < 4.95 - Memory Corruption
MediaComm Zip-n-Go before 4.95 has a Buffer Overflow via a crafted file.
by Hashim Jawad
CVSS 7.8
CVE-2018-9842 EXPLOITDB MEDIUM python
Cyberark Password Vault < 9.7 - Information Disclosure
CyberArk Password Vault before 9.7 allows remote attackers to obtain sensitive information from process memory by replaying a logon message.
by Thomas Zuk
CVSS 5.3
CVE-2015-2177 EXPLOITDB python
Siemens Simatic S7-300 Cpu Firmware - Improper Input Validation
Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a denial of service (defect-mode transition) via crafted packets on (1) TCP port 102 or (2) Profibus.
by t4rkd3vilz
EIP-2026-119656 EXPLOITDB python
CloudMe Sync < 1.11.0 - Buffer Overflow (SEH) (DEP Bypass)
by Juan Prescotto
EIP-2026-119509 EXPLOITDB python
ALFTP 5.31 - Local Buffer Overflow (SEH Bypass)
by Gokul Babu
CVE-2018-11415 EXPLOITDB MEDIUM python
SAP Internet Transaction Server - XSS
SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. NOTE: the vendor has reportedly indicated that there will not be any further releases of this product.
by J. Carrillo Lencina
CVSS 6.1
EIP-2026-117218 EXPLOITDB python
FTPShell Server 6.80 - Buffer Overflow (SEH)
by Hashim Jawad
CVE-2016-3963 EXPLOITDB MEDIUM python
Siemens SCALANCE S613 - DoS
Siemens SCALANCE S613 allows remote attackers to cause a denial of service (web-server outage) via traffic to TCP port 443.
by t4rkd3vilz
CVSS 5.3
CVE-2014-5074 EXPLOITDB python
Siemens Simatic S7-1500 Cpu Firmware < 1.5.1 - Denial of Service
Siemens SIMATIC S7-1500 CPU devices with firmware before 1.6 allow remote attackers to cause a denial of service (device restart and STOP transition) via crafted TCP packets.
by t4rkd3vilz
EIP-2026-119553 EXPLOITDB python
R 3.4.4 - Local Buffer Overflow (DEP Bypass)
by Hashim Jawad
EIP-2026-102369 EXPLOITDB python
GitBucket 4.23.1 - Remote Code Execution
by Kacper Szurek
EIP-2026-117099 EXPLOITDB python VERIFIED
Easy MPEG to DVD Burner 1.7.11 - Local Buffer Overflow (SEH) (DEP Bypass)
by Juan Prescotto
CVE-2018-25299 EXPLOITDB HIGH python
Prime95 29.4b8 Local Buffer Overflow via SEH
Prime95 29.4b8 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling (SEH) mechanisms. Attackers can inject malicious payload through the optional proxy hostname field in the PrimeNet connection settings to trigger the overflow and execute system commands.
by crash_manucoot
CVSS 8.4
CVE-2018-1111 EXPLOITDB HIGH python VERIFIED
DHCP Client Command Injection (DynoRoot)
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.
by Kevin Kirsche
CVSS 7.5
CVE-2018-11094 EXPLOITDB CRITICAL python
Intelbras Ncloud 300 Firmware - Hard-coded Credentials
An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. For example, when an HTTP POST request is made to /cgi-bin/ExportSettings.sh, the username, password, and other details are retrieved.
by Pedro Aguiar
CVSS 9.8
EIP-2026-102193 EXPLOITDB python
WhatsApp 2.18.31 - Memory Corruption
by Juan Sacco