Python Exploits

6,653 exploits tracked across all sources.

CVE-2019-25560 EXPLOITDB HIGH python
Lyric Video Creator 2.1 Denial of Service via MP3 File
Lyric Video Creator 2.1 contains a denial of service vulnerability that allows attackers to crash the application by processing malformed MP3 files. Attackers can create a crafted MP3 file with an oversized buffer and trigger the crash by opening the file through the Browse song functionality.
by Alejandra Sánchez
CVSS 7.5
CVE-2019-25595 EXPLOITDB MEDIUM python
jetAudio 8.1.7.20702 Basic Denial of Service via URL Handler
jetAudio 8.1.7.20702 Basic contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string through the URL input handler. Attackers can trigger the crash by pasting a buffer of 5000 characters into the Open URL dialog, causing the application to terminate abnormally.
by Victor Mondragón
CVSS 6.2
CVE-2017-1274 EXPLOITDB HIGH python
IBM Domino 8.5-9.0 - Authenticated Stack-Based Buffer Overflow via IMAP Mailbox Name
IBM Domino 8.5.3 and 9.0 are vulnerable to a stack-based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Force ID: 124749.
by Charles Truscott
CVSS 8.8
CVE-2019-25613 EXPLOITDB HIGH python
Easy Chat Server 3.1 Denial of Service via message Parameter
Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by sending oversized data in the message parameter. Attackers can establish a session via the chat.ghp endpoint and then send a POST request to body2.ghp with an excessively large message parameter value to cause the service to crash.
by Miguel Mendez Z
CVSS 7.5
CVE-2019-25612 EXPLOITDB HIGH python
Admin Express 1.2.5.485 Local SEH Buffer Overflow via Folder Path
Admin Express 1.2.5.485 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an alphanumeric encoded payload in the Folder Path field. Attackers can trigger the vulnerability through the System Compare feature by pasting a crafted buffer overflow payload into the left-hand side Folder Path field and clicking the scale icon to execute shellcode with application privileges.
by Connor McGarr
CVSS 7.8
EIP-2026-119321 EXPLOITDB python
Xitami Web Server 2.5 - Remote Buffer Overflow (SEH + Egghunter)
by ElSoufiane
CVE-2025-34034 EXPLOITDB HIGH python
Blue Angel Software Suite - Info Disclosure
A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege attackers to gain administrative access to the device’s web interface. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-26 UTC.
by Paolo Serracino, Pietro Minniti, Damiano Proietti
CVSS 8.8
CVE-2025-34033 EXPLOITDB HIGH python
Blue Angel Software Suite - Command Injection
An OS command injection vulnerability exists in the Blue Angel Software Suite running on embedded Linux devices via the ping_addr parameter in the webctrl.cgi script. The application fails to properly sanitize input before passing it to the system-level ping command. An authenticated attacker can inject arbitrary commands by appending shell metacharacters to the ping_addr parameter in a crafted GET request to /cgi-bin/webctrl.cgi?action=pingtest_update. The command's output is reflected in the application's web interface, enabling attackers to view results directly. Default and backdoor credentials can be used to access the interface and exploit the issue. Successful exploitation results in arbitrary command execution as the root user. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-26 UTC.
by Paolo Serracino, Pietro Minniti, Damiano Proietti
CVSS 8.8
CVE-2019-9978 EXPLOITDB MEDIUM python
Social Warfare and Social Warfare Pro < 3.5.3 - Stored Cross-Site Scripting via swp_debug Parameter
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.
by hash3liZer
CVSS 6.1
CVE-2019-25614 EXPLOITDB CRITICAL python
Free Float FTP 1.0 STOR Command Remote Buffer Overflow
Free Float FTP 1.0 contains a buffer overflow vulnerability in the STOR command handler that allows remote attackers to execute arbitrary code by sending a crafted STOR request with an oversized payload. Attackers can authenticate with anonymous credentials and send a malicious STOR command containing 247 bytes of padding followed by a return address and shellcode to trigger code execution on the FTP server.
by Kevin Randall
CVSS 9.8
CVE-2019-25596 EXPLOITDB MEDIUM python
SpotAuditor 5.2.6 Name Field Denial of Service
SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 repeated characters into the Name input during registration to trigger an application crash.
by Victor Mondragón
CVSS 6.2
CVE-2019-10664 EXPLOITDB CRITICAL python VERIFIED
Domoticz < 4.10578 - Unauthenticated SQL Injection via idx Parameter in CWebServer::GetFloorplanImage
Domoticz before 4.10578 allows SQL Injection via the idx parameter in CWebServer::GetFloorplanImage in WebServer.cpp.
by Fabio Carretto
CVSS 9.8
CVE-2019-2725 EXPLOITDB CRITICAL python
Oracle WebLogic Server 10.3.6.0.0 and 12.1.3.0.0 - Unauthenticated Remote Code Execution via HTTP
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
by Avinash Kumar Thapa
CVSS 9.8
EIP-2026-118579 EXPLOITDB python
Freefloat FTP Server 1.0 - 'SIZE' Remote Buffer Overflow
by Kevin Randall
EIP-2026-118578 EXPLOITDB python
Freefloat FTP Server 1.0 - 'SIZE' Remote Buffer Overflow
by Kevin Randall
CVE-2019-10678 EXPLOITDB HIGH python VERIFIED
Domoticz < 4.10579 - Info Disclosure
Domoticz before 4.10579 neglects to categorize \n and \r as insecure argument options.
by Fabio Carretto
CVSS 7.5
CVE-2019-25597 EXPLOITDB MEDIUM python
NSauditor 3.1.2.0 Denial of Service via Community Field
NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a large payload into the Community field and trigger the Walk function to cause a denial of service condition.
by Victor Mondragón
CVSS 6.2
EIP-2026-115973 EXPLOITDB python
NSauditor 3.1.2.0 - 'Name' Denial of Service (PoC)
by Victor Mondragón
EIP-2026-115972 EXPLOITDB python
NSauditor 3.1.2.0 - 'Name' Denial of Service (PoC)
by Victor Mondragón
CVE-2019-25616 EXPLOITDB MEDIUM python
AnMing MP3 CD Burner 2.0 Local Denial of Service
AnMing MP3 CD Burner 2.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string. Attackers can paste a 6000-byte payload into the registration name field to trigger a denial of service condition.
by Achilles
CVSS 6.2
CVE-2019-25615 EXPLOITDB HIGH python
Lavavo CD Ripper 4.20 Local SEH Buffer Overflow
Lavavo CD Ripper 4.20 contains a structured exception handling (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Activation Name field. Attackers can craft a payload with controlled buffer data, NSEH jump instructions, and SEH handler addresses to trigger code execution and establish a bind shell on port 3110.
by Achilles
CVSS 8.4
CVE-2019-25599 EXPLOITDB MEDIUM python
Backup Key Recovery 2.2.4 Denial of Service via Name Field
Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 or more characters into the Name field during registration to trigger a crash when submitting the form.
by Victor Mondragón
CVSS 6.2
CVE-2019-25598 EXPLOITDB MEDIUM python
HeidiSQL Portable 10.1.0.5464 Denial of Service via Buffer Overflow
HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer overflow payload into the password input during Microsoft SQL Server login to trigger an application crash.
by Victor Mondragón
CVSS 6.2
CVE-2019-25736 EXPLOITDB HIGH python
LabF nfsAxe 3.7 Ping Client Buffer Overflow
LabF nfsAxe 3.7 Ping Client contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the Host IP field. Attackers can craft a specially formatted input file with shellcode and overwrite the return address to execute calc.exe or other arbitrary commands.
by Dino Covotsos
CVSS 8.4
CVE-2019-25617 EXPLOITDB MEDIUM python
Ease Audio Converter 5.30 Denial of Service via Audio Cutter
Ease Audio Converter 5.30 contains a denial of service vulnerability in the Audio Cutter function that allows local attackers to crash the application by processing malformed MP4 files. Attackers can create a crafted MP4 file containing an oversized buffer and load it through the Audio Cutter interface to trigger an application crash.
by Achilles
CVSS 6.2