Python Exploits

6,652 exploits tracked across all sources.

EIP-2026-100645 EXPLOITDB python
BlogEngine.NET 3.3.6/3.3.7 - XML External Entity Injection
by Aaron Bishop
EIP-2026-100644 EXPLOITDB python
BlogEngine.NET 3.3.6/3.3.7 - 'theme Cookie' Directory Traversal / Remote Code Execution
by Aaron Bishop
EIP-2026-100642 EXPLOITDB python
BlogEngine.NET 3.3.6/3.3.7 - 'dirPath' Directory Traversal / Remote Code Execution
by Aaron Bishop
CVE-2019-12890 EXPLOITDB CRITICAL python
RedwoodHQ 2.5.5 - Unauthenticated Admin User Creation via Database Insert Operation
RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote attackers to create admin users via a con.automationframework users insert_one call.
by EthicalHCOP
CVSS 9.8
EIP-2026-102700 EXPLOITDB python
Netperf 2.6.0 - Stack-Based Buffer Overflow
by Juan Sacco
EIP-2026-102699 EXPLOITDB python
Netperf 2.6.0 - Stack-Based Buffer Overflow
by Juan Sacco
CVE-2020-19513 EXPLOITDB HIGH python
AIDA64 Engineer 6.00.5100 - Buffer Overflow via SEH Handler Overwrite
Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows attackers to execute arbitrary code by creating a crafted input that will overwrite the SEH handler.
by Nipun Jaswal
CVSS 7.8
EIP-2026-107317 EXPLOITDB python
FusionPBX 4.4.3 - Remote Command Execution
by Dustin Cobb
CVE-2019-12788 EXPLOITDB HIGH python
Photodex ProShow Producer 9.0.3797 - Out-of-bounds Write via Crafted File
An issue was discovered in Photodex ProShow Producer v9.0.3797 (an application that runs with Administrator privileges). It is possible to perform a buffer overflow via a crafted file.
by Yonatan_Correa
CVSS 7.8
CVE-2019-9621 EXPLOITDB HIGH python
Zimbra Collaboration Suite <8.6-8.8 - SSRF
Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component.
by k8gege
CVSS 7.5
CVE-2019-25604 EXPLOITDB HIGH python
DVDXPlayer Pro 5.5 Local Buffer Overflow with SEH
DVDXPlayer Pro 5.5 contains a local buffer overflow vulnerability with structured exception handling that allows local attackers to execute arbitrary code by crafting malicious playlist files. Attackers can create a specially crafted .plf file containing shellcode and NOP sleds that overflows a buffer and hijacks the SEH chain to execute arbitrary code with application privileges.
by Kevin Randall
CVSS 8.4
CVE-2018-19864 EXPLOITDB CRITICAL python
NUUO NVRmini2 Firmware <= 3.9.1 - Remote Code Execution via Buffer Overflow
NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow), resulting in ability to read camera feeds or reconfigure the device.
by @0x00string
CVSS 9.8
CVE-2019-1663 EXPLOITDB CRITICAL python
Cisco RV110W RV130W RV215W - Unauthenticated Remote Code Execution via Web Management Interface
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. RV110W Wireless-N VPN Firewall versions prior to 1.2.2.1 are affected. RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected. RV215W Wireless-N VPN Router versions prior to 1.3.1.1 are affected.
by @0x00string
CVSS 9.8
CVE-2019-0708 EXPLOITDB CRITICAL python
CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
by n1xbyte
CVSS 9.8
EIP-2026-115296 EXPLOITDB python
Free SMTP Server 2.5 - Denial of Service (PoC)
by Metin Yunus Kandemir
CVE-2019-25544 EXPLOITDB MEDIUM python
Pidgin 2.13.0 Denial of Service via Malformed Username
Pidgin 2.13.0 contains a denial of service vulnerability that allows local attackers to crash the application by providing an excessively long username string during account creation. Attackers can input a buffer of 1000 characters in the username field and trigger a crash when joining a chat, causing the application to become unavailable.
by Alejandra Sánchez
CVSS 6.2
CVE-2019-25607 EXPLOITDB HIGH python
Axessh 4.2 Local Stack-based Buffer Overflow via Log File Name
Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers to execute arbitrary code by supplying an excessively long filename. Attackers can overflow the buffer at offset 214 bytes to overwrite the instruction pointer and execute shellcode with system privileges.
by Uday Mittal
CVSS 8.4
CVE-2019-25606 EXPLOITDB MEDIUM python
Fast AVI MPEG Joiner 1.2.0812 Buffer Overflow Denial of Service
Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the License Name field. Attackers can create a malicious text file containing 6000 bytes of data and paste it into the License Name input field to trigger a denial of service condition when the Register button is clicked.
by Achilles
CVSS 5.5
EIP-2026-115124 EXPLOITDB python
Cyberoam Transparent Authentication Suite 2.1.2.5 - 'NetBIOS Name' Denial of Service (PoC)
by Victor Mondragón
EIP-2026-115123 EXPLOITDB python
Cyberoam Transparent Authentication Suite 2.1.2.5 - 'NetBIOS Name' Denial of Service (PoC)
by Victor Mondragón
EIP-2026-115122 EXPLOITDB python
Cyberoam Transparent Authentication Suite 2.1.2.5 - 'Fully Qualified Domain Name' Denial of Service (PoC)
by Victor Mondragón
EIP-2026-115121 EXPLOITDB python
Cyberoam Transparent Authentication Suite 2.1.2.5 - 'Fully Qualified Domain Name' Denial of Service (PoC)
by Victor Mondragón
EIP-2026-115120 EXPLOITDB python
Cyberoam SSLVPN Client 1.3.1.30 - 'HTTP Proxy' Denial of Service (PoC)
by Victor Mondragón
EIP-2026-115119 EXPLOITDB python
Cyberoam SSLVPN Client 1.3.1.30 - 'HTTP Proxy' Denial of Service (PoC)
by Victor Mondragón
EIP-2026-115118 EXPLOITDB python
Cyberoam SSLVPN Client 1.3.1.30 - 'Connect To Server' Denial of Service (PoC)
by Victor Mondragón