Python Exploits

6,652 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-25738 EXPLOITDB CRITICAL python
WordPress Hybrid Composer 1.4.6 Unauthenticated Settings Change
WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hc_ajax_save_option action. Attackers can send POST requests to the admin-ajax.php endpoint with the action parameter set to hc_ajax_save_option to enable user registration and set the default role to administrator, enabling account takeover.
by yasin
CVSS 9.8
CVE-2019-12480 EXPLOITDB HIGH python
BACnet Protocol Stack <= 0.8.6 - Unauthenticated Denial of Service via Malformed DCC in AtomicWriteFile
BACnet Protocol Stack through 0.8.6 has a segmentation fault leading to denial of service in BACnet APDU Layer because a malformed DCC in AtomicWriteFile, AtomicReadFile and DeviceCommunicationControl services. An unauthenticated remote attacker could cause a denial of service (bacserv daemon crash) because there is an invalid read in bacdcode.c during parsing of alarm tag numbers.
by mmorillo
CVSS 7.5
CVE-2019-13577 EXPLOITDB CRITICAL python
MAPLE WBT SNMP Admin <2.0.195.15 - Buffer Overflow
SnmpAdm.exe in MAPLE WBT SNMP Administrator v2.0.195.15 has an Unauthenticated Remote Buffer Overflow via a long string to the CE Remote feature listening on Port 987.
by sasaga92
CVSS 9.8
CVE-2018-16763 EXPLOITDB CRITICAL python
FUEL CMS < 1.4.2 - Unauthenticated Remote Code Execution via Pages Filter or Preview Data Parameter
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
by 0xd0ff9
CVSS 9.8
CVE-2019-25484 EXPLOITDB MEDIUM python
WinMPG iPod Convert 3.0 - Buffer Overflow
WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supplying an oversized payload. Attackers can paste a large string of characters into the User Name and User Code field to trigger a denial of service condition.
by stresser
CVSS 6.2
CVE-2019-25485 EXPLOITDB MEDIUM python
R 3.4.4 Windows x64 - Buffer Overflow
R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the GUI Preferences language menu field that allows local attackers to bypass DEP and ASLR protections. Attackers can inject a crafted payload through the Language for menus preference to trigger a structured exception handler chain pivot and execute arbitrary shellcode with application privileges.
by blackleitus
CVSS 6.2
CVE-2018-12897 EXPLOITDB HIGH python
SolarWinds DameWare Mini Remote Control < 12.1 - Buffer Overflow
SolarWinds DameWare Mini Remote Control before 12.1 has a Buffer Overflow.
by Xavi Beltran
CVSS 7.8
EIP-2026-117968 EXPLOITDB python
Streamripper 2.6 - 'Song Pattern' Buffer Overflow
by Andrey Stoykov
EIP-2026-117967 EXPLOITDB python
Streamripper 2.6 - 'Song Pattern' Buffer Overflow
by Andrey Stoykov
CVE-2019-13597 EXPLOITDB CRITICAL python
Sahi Pro 8.0.0 - Unauthenticated Remote Code Execution via Player_setScriptFile
_s_/sprm/_s_/dyn/Player_setScriptFile in Sahi Pro 8.0.0 allows command execution. It allows one to run ".sah" scripts via Sahi Launcher. Also, one can create a new script with an editor. It is possible to execute commands on the server using the _execute() function.
by AkkuS
CVSS 9.8
CVE-2019-12991 EXPLOITDB HIGH python VERIFIED
Citrix SD-WAN 10.2.0-10.2.2 and NetScaler SD-WAN 10.0.0-10.0.7 - OS Command Injection
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).
by Chris Lyne
CVSS 8.8
CVE-2019-13494 EXPLOITDB HIGH python
Castlerock Simple Network Management ... - Out-of-Bounds Write
nodeimp.exe in Castle Rock SNMPc before 9.0.12.1 and 10.x before 10.0.9 has a stack-based buffer overflow via a long variable string in a Map Objects text file.
by xerubus
CVSS 7.8
EIP-2026-101453 EXPLOITDB python
Siemens TIA Portal - Remote Command Execution
by Joseph Bingham
CVE-2007-0213 EXPLOITDB python
Microsoft Exchange Server 2000 SP3, 2003 SP1-SP2, 2007 - Remote Code Execution via Base64 MIME Decoding
Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.
by Charles Truscott
CVE-2019-13024 EXPLOITDB HIGH python
Centreon 18.x < 18.10.6, 19.x < 19.04.3 - Authenticated Remote Code Execution via Monitoring Engine Binary Configuration
Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allows the attacker to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary" in main.get.php to insert a arbitrary command into the database, and execute it by calling the vulnerable page www/include/configuration/configGenerate/xml/generateFiles.php (which passes the inserted value to the database to shell_exec without sanitizing it, allowing one to execute system arbitrary commands).
by Askar
CVSS 8.8
CVE-2020-21999 EXPLOITDB HIGH python
iWT FaceSentry Access Control System 6.4.8 - Authenticated OS Command Injection via strInIP Parameter
iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' POST parameter in pingTest PHP script.
by LiquidWorm
CVSS 8.8
CVE-2019-25241 EXPLOITDB CRITICAL python
FaceSentry Access Control System <6.4.8 - Privilege Escalation
FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can leverage the insecure sudoers configuration to escalate privileges and gain root access by executing sudo commands without authentication.
by LiquidWorm
CVSS 9.8
CVE-2019-13063 EXPLOITDB HIGH python
Sahi Pro 8.0.0 - Path Traversal and File Inclusion via Script Parameter
Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Script_view page. This will result in file disclosure (i.e., being able to pull any file from the remote victim application). This can be used to steal and obtain sensitive config and other files. This can result in complete compromise of the application. The script parameter is vulnerable to directory traversal and both local and remote file inclusion.
by Operat0r
CVSS 7.5
CVE-2018-20434 EXPLOITDB CRITICAL python VERIFIED
LibreNMS 1.46 - OS Command Injection via $_POST['community'] Parameter
LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers html/includes/output/capture.inc.php command mishandling.
by Askar
CVSS 9.8
CVE-2019-25487 EXPLOITDB CRITICAL python
Sapido RB-1732 2.0.43 - Unauthenticated Remote Code Execution via formSysCmd Endpoint
SAPIDO RB-1732 V2.0.43 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the formSysCmd endpoint. Attackers can send POST requests with the sysCmd parameter containing shell commands to execute code on the device with router privileges.
by k1nm3n.aotoi
CVSS 9.8
CVE-2019-13131 EXPLOITDB CRITICAL python
Supermicro SuperDoctor 5 - Remote Code Execution via NRPE
Super Micro SuperDoctor 5, when restrictions are not implemented in agent.cfg, allows remote attackers to execute arbitrary commands via NRPE.
by Simon Gurney
CVSS 9.8
EIP-2026-100643 EXPLOITDB python
BlogEngine.NET 3.3.6/3.3.7 - 'path' Directory Traversal
by Aaron Bishop
CVE-2019-12276 EXPLOITDB HIGH python
GrandNode 4.40 - Unauthenticated Path Traversal via LetsEncrypt Controller
A Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests. A patch for this issue was made on 2019-05-30 in GrandNode 4.40.
by Corey Robinson
CVSS 7.5
CVE-2019-25603 EXPLOITDB HIGH python
TuneClone 2.20 Structured Exception Handler Buffer Overflow
TuneClone 2.20 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license code string. Attackers can craft a payload with a controlled buffer, NSEH jump instruction, and SEH handler address pointing to a ROP gadget, then paste it into the license code field to trigger code execution and establish a bind shell.
by Achilles
CVSS 8.4
CVE-2019-13292 EXPLOITDB CRITICAL python
webERP 4.15 - SQL Injection via Payments.php Base64 Deserialization
A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a SQL query, with no sanitizing checks.
by Semen Alexandrovich Lyhin
CVSS 9.8