Python Exploits
5,917 exploits tracked across all sources.
Ipswitch WS_FTP LE 12.3 - Search field Overwrite (SEH) (PoC)
by Zahid Adeel
Dell SonicWALL Scrutinizer 11.0.1 - setUserSkin/deleteTab SQL Injection Remote Code Execution
by mr_me
RPCScan 2.03 - Hostname/IP Field Overwrite (SEH) (PoC)
by Nipun Jaswal
i.FTP 2.21 - Host Address / URL Field (SEH)
by Tantaryu MING
RPCScan 2.03 - Hostname/IP Field Crash (PoC)
by Irving Aguilar
CIScan 1.00 - Hostname/IP Field Crash (PoC)
by Irving Aguilar
TRN 3.6-23 Stack Buffer Overflow Local Code Execution
TRN 3.6-23 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the application. Attackers can craft a malicious command-line argument with 156 bytes of padding followed by a return address to overwrite the instruction pointer and execute shellcode with user privileges.
by Juan Sacco
CVSS 8.4
Rough Auditing Tool for Security (RATS) 2.3 - Array Out of Block Crash
by David Silveiro
Qualcomm Msm8909w Firmware - Resource Management Error
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, processing erroneous bitstreams may result in a HW freeze. FW should detect the HW freeze based on watchdog timer, but because the watchdog timer is not enabled, an infinite loop occurs, resulting in a device freeze.
by Milad Doorbash
CVSS 7.5
Yasr 0.6.9-5 Buffer Overflow via Command-line Parameter
Yasr 0.6.9-5 contains a buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized argument to the -p parameter. Attackers can invoke yasr with a crafted payload containing junk data, shellcode, and a return address to overwrite the stack and trigger code execution.
by Juan Sacco
CVSS 8.4
Rough Auditing Tool for Security (RATS) 2.3 - Crash (PoC)
by David Silveiro
Gemtek CPE7000 / WLTCS-106 - Multiple Vulnerabilities
by Federico Ramondino
TiEmu 3.03-nogdb+dfsg-3 Buffer Overflow via ROM Parameter
TiEmu 3.03-nogdb+dfsg-3 contains a buffer overflow vulnerability in the ROM parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized ROM parameter to the tiemu command-line interface to overflow the stack buffer and overwrite the instruction pointer with malicious addresses.
by Juan Sacco
CVSS 8.4
Oracle Application Testing Suite - Unspecified Vuln
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect integrity and availability via unknown vectors related to Load Testing for Web Apps. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that the UploadFileAction servlet allows remote authenticated users to upload and execute arbitrary files via an * (asterisk) character in the fileType parameter.
by Zhou Yu
Oracle Application Testing Suite - Info Disclosure
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0488. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the isAllowedUrl function, which allows remote attackers to bypass authentication via directory traversal sequences following a URI entry that does not require authentication, as demonstrated by olt/Login.do/../../olt/UploadFileUpload.do.
by Zhou Yu
Multi Emulator Super System 0.154-3.1 Buffer Overflow
Multi Emulator Super System 0.154-3.1 contains a buffer overflow vulnerability in the gamma parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized gamma parameter value to overflow the stack buffer and overwrite the instruction pointer with a controlled address to achieve code execution.
by Juan Sacco
CVSS 8.4
Hexchat - Path Traversal
Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name.
by PizzaHatHacker
CVSS 7.4
Hexchat - Memory Corruption
Stack-based buffer overflow in the inbound_cap_ls function in common/inbound.c in HexChat 2.10.2 allows remote IRC servers to cause a denial of service (crash) via a large number of options in a CAP LS message.
by PizzaHatHacker
CVSS 7.5
Dameware Mini Remote Control - Memory Corruption
Stack-based buffer overflow in dwrcs.exe in the dwmrcs daemon in SolarWinds DameWare Mini Remote Control 12.0 allows remote attackers to execute arbitrary code via a crafted string.
by Securifera
CVSS 9.8
WordPress Plugin Advanced Video 1.0 - Local File Inclusion
by evait security GmbH
TallSoft SNMP/TFTP Server 1.0.0 - Denial of Service
by Charley Celice
TVT White-Labeled DVR - Command Injection
An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called "Cross Web Server" that listens on TCP ports 81 and 82. The web interface fails to sanitize input in the URI path passed to the language extraction functionality. When the server processes a request to /language/[lang]/index.html, it uses the [lang] input unsafely in a tar extraction command without proper escaping. This allows an unauthenticated remote attacker to inject shell commands and achieve arbitrary command execution as root. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-06 UTC.
by K1P0D
CVSS 9.8
By Source