Python Exploits

6,652 exploits tracked across all sources.

EIP-2026-115117 EXPLOITDB python
Cyberoam SSLVPN Client 1.3.1.30 - 'Connect To Server' Denial of Service (PoC)
by Victor Mondragón
EIP-2026-115116 EXPLOITDB python
Cyberoam General Authentication Client 2.1.2.7 - 'Server Address' Denial of Service (PoC)
by Victor Mondragón
EIP-2026-115115 EXPLOITDB python
Cyberoam General Authentication Client 2.1.2.7 - 'Server Address' Denial of Service (PoC)
by Victor Mondragón
CVE-2019-25547 EXPLOITDB MEDIUM python
NetAware 1.20 Denial of Service via Add Block Buffer Overflow
NetAware 1.20 contains a buffer overflow vulnerability in the User Blocking feature that allows local attackers to crash the application by supplying oversized input. Attackers can paste a malicious buffer of 512 bytes into the 'Add a website or keyword to be filtered' field and trigger a crash when removing the created block.
by Alejandra Sánchez
CVSS 6.2
CVE-2019-25546 EXPLOITDB MEDIUM python
NetAware 1.20 Share Name Denial of Service
NetAware 1.20 contains a buffer overflow vulnerability in the Share Name field that allows local attackers to crash the application by supplying an excessively long string. Attackers can trigger a denial of service by pasting a 1000-byte buffer into the Share Name parameter when adding a new share through the Manage Shares interface.
by Alejandra Sánchez
CVSS 6.2
CVE-2019-25545 EXPLOITDB MEDIUM python
Terminal Services Manager 3.2.1 Local Buffer Overflow Denial of Service
Terminal Services Manager 3.2.1 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string in the computer name field. Attackers can input a 5000-byte buffer of data into the 'Computer name or IP address' field during computer addition, causing a denial of service when the server entry is accessed.
by Alejandra Sánchez
CVSS 6.2
CVE-2019-25548 EXPLOITDB MEDIUM python
BlueStacks 4.80.0.1060 Denial of Service via Search Field
BlueStacks 4.80.0.1060 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to the search field. Attackers can paste a buffer of 100,000 'A' characters into the search field and trigger a search operation to cause the application to crash.
by Alejandra Sánchez
CVSS 6.2
EIP-2026-116381 EXPLOITDB python
TapinRadio 2.11.6 - 'Uername' Denial of Service (PoC)
by Victor Mondragón
EIP-2026-116380 EXPLOITDB python
TapinRadio 2.11.6 - 'Address' Denial of Service (PoC)
by Victor Mondragón
CVE-2019-25586 EXPLOITDB MEDIUM python
Deluge 1.3.15 Denial of Service via URL Field
Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the URL field. Attackers can paste a buffer of 5000 characters into the 'From URL' field during torrent addition to trigger an application crash.
by Victor Mondragón
CVSS 6.2
CVE-2019-25585 EXPLOITDB MEDIUM python
Deluge 1.3.15 Denial of Service via Webseeds Field
Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Webseeds field. Attackers can paste a buffer of 5000 bytes into the Webseeds field during torrent creation to trigger an application crash.
by Victor Mondragón
CVSS 6.2
CVE-2019-9881 EXPLOITDB MEDIUM python
WPGraphQL 0.2.3 - Unauthenticated Comment Posting via createComment Mutation
The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled.
by Simone Quatrini
CVSS 5.3
CVE-2019-25588 EXPLOITDB MEDIUM python
BulletProof FTP Server 2019.0.0.50 Denial of Service via DNS Address
BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local attackers to crash the application by supplying an excessively long string. Attackers can enable the DNS Address option in the Firewall settings and paste a buffer of 700 bytes to trigger a crash when the Test function is invoked.
by Victor Mondragón
CVSS 6.2
CVE-2019-25587 EXPLOITDB MEDIUM python
BulletProof FTP Server 2019.0.0.50 Storage-Path Denial of Service
BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the Storage-Path configuration parameter that allows local attackers to crash the application by supplying an excessively long string value. Attackers can enable the Override Storage-Path setting and paste a buffer of 500 bytes or more to trigger an application crash when saving the configuration.
by Victor Mondragón
CVSS 6.2
CVE-2019-25550 EXPLOITDB MEDIUM python
Encrypt PDF 2.3 Denial of Service via Buffer Overflow
Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputting excessively long strings into password fields. Attackers can paste a 1000-byte buffer into the User Password or Master Password field in the Settings dialog to trigger an application crash when importing PDF files.
by Alejandra Sánchez
CVSS 6.2
CVE-2019-25549 EXPLOITDB MEDIUM python
VeryPDF PCL Converter 2.7 Denial of Service via PDF Security
VeryPDF PCL Converter 2.7 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long password string. Attackers can trigger a buffer overflow by entering a 3000-byte password in the PDF Security encryption fields, causing the application to crash when processing PCL files.
by Alejandra Sánchez
CVSS 6.2
CVE-2014-9415 EXPLOITDB python
Huawei eSpace Desktop <V100R001C03 - DoS
Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted QES file.
by LiquidWorm
EIP-2026-115161 EXPLOITDB python
docPrint Pro 8.0 - Denial of Service (PoC)
by Alejandra Sánchez
EIP-2026-114829 EXPLOITDB python
AbsoluteTelnet 10.16 - 'License name' Denial of Service (PoC)
by Victor Mondragón
CVE-2019-12185 EXPLOITDB HIGH python
elabftw 1.8.5 - Authenticated Arbitrary File Upload via EntityController
eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the web root, and for code to execute on the remote server.
by liquidsky
CVSS 8.8
CVE-2019-25553 EXPLOITDB MEDIUM python
CEWE PHOTO IMPORTER 6.4.3 Denial of Service via Malformed Image
CEWE PHOTO IMPORTER 6.4.3 contains a denial of service vulnerability that allows local attackers to crash the application by importing a specially crafted image file. Attackers can create a malformed JPG file with an oversized buffer and trigger the crash through the import functionality during the image processing workflow.
by Alejandra Sánchez
CVSS 6.2
CVE-2019-25552 EXPLOITDB HIGH python
CEWE PHOTO SHOW 6.4.3 Denial of Service via Password Field
CEWE PHOTO SHOW 6.4.3 contains a denial of service vulnerability that allows attackers to crash the application by submitting an excessively long buffer to the password field. Attackers can paste a large string of repeated characters into the password input during the upload process to trigger an application crash.
by Alejandra Sánchez
CVSS 7.5
CVE-2019-25551 EXPLOITDB MEDIUM python
Sandboxie 5.30 Denial of Service via Program Alerts Buffer Overflow
Sandboxie 5.30 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Program Alerts configuration field. Attackers can paste a buffer of 5000 characters into the 'Select or enter a program' field during program alert configuration to trigger an application crash.
by Alejandra Sánchez
CVSS 6.2
CVE-2019-1821 EXPLOITDB HIGH python VERIFIED
Cisco Prime Infrastructure/EPN Manager - RCE
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exists because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.
by mr_me
CVSS 8.8
CVE-2019-25590 EXPLOITDB MEDIUM python
Axessh 4.2 Denial of Service via Log File Name
Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to crash the application by supplying an excessively long string in the log file name field. Attackers can enable session logging, paste a buffer of 500 or more characters into the log file name parameter, and trigger a crash when establishing a telnet connection.
by Victor Mondragón
CVSS 6.2