Python Exploits
5,948 exploits tracked across all sources.
Delta Industrial Automation DCISoft 1.12.09 - Local Stack Buffer Overflow
by LiquidWorm
lastore-daemon <0.9.66-1 - Privilege Escalation
A local privilege escalation vulnerability exists in lastore-daemon, the system package manager daemon used in Deepin Linux (developed by Wuhan Deepin Technology Co., Ltd.). In versions 0.9.53-1 (Deepin 15.5) and 0.9.66-1 (Deepin 15.7), the D-Bus configuration permits any user in the sudo group to invoke the InstallPackage method without password authentication. By default, the first user created on Deepin is in the sudo group. An attacker with shell access can craft a .deb package containing a malicious post-install script and use dbus-send to install it via lastore-daemon, resulting in arbitrary code execution as root.
by King's Way
WordPress Plugin WP User Frontend < 2.3.11 - Unrestricted Arbitrary File Upload
by Panagiotis Vagenas
WordPress Plugin WooCommerce Store Toolkit 1.5.5 - Privilege Escalation
by Panagiotis Vagenas
FTPShell Client 5.24 - 'Create NewFolder' Local Buffer Overflow
by Arash Khazaei
yTree 1.94-1.1 Stack-Based Buffer Overflow
yTree 1.94-1.1 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an excessively long argument to the application. Attackers can craft a malicious command-line argument containing shellcode and a return address to overwrite the stack and execute code in the application context.
by Juan Sacco
CVSS 8.4
Baumer VeriSens Application Suite 2.6.2 - Buffer Overflow (PoC)
by LiquidWorm
iScripts EasyCreate 3.0 - Remote Code Execution
by Bikramaditya Guha
FreeBSD <9.3p33, 10.1p26, 10.2p9 - DoS
The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9, when the kernel is configured for IPv6, allows remote attackers to cause a denial of service (assertion failure or NULL pointer dereference and kernel panic) via a crafted ICMPv6 packet.
by ptsecurity
CVSS 7.5
xwpe 1.5.30a-2.1 Stack-based Buffer Overflow
xwpe 1.5.30a-2.1 and prior contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying overly long input strings that exceed buffer boundaries. Attackers can craft malicious command-line arguments with 262 bytes of junk data followed by shellcode to overwrite the instruction pointer and achieve code execution or denial of service.
by Juan Sacco
CVSS 8.4
CesarFTP <0.99g - Buffer Overflow
Stack-based buffer overflow in CesarFTP 0.99g and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MKD command. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
by Irving Aguilar
NetSchedScan 1.0 Buffer Overflow Denial of Service
NetSchedScan 1.0 contains a buffer overflow vulnerability in the scan Hostname/IP field that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a crafted payload containing 388 bytes of data followed by 4 bytes of EIP overwrite into the Hostname/IP field to trigger a denial of service condition.
by Abraham Espinosa
CVSS 6.2
Manage Engine Application Manager 12.5 - Arbitrary Command Execution
by Bikramaditya Guha
Ipswitch WhatsUp Gold <16.4 - SQL Injection
The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks via a crafted SOAP request.
by Matt Buzanowski
CVSS 9.8
SNScan 1.05 - Scan Hostname/IP Field Buffer Overflow Crash (PoC)
by Daniel Velazquez
Konica Minolta FTP Utility 1.0 - RCE
Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attackers to execute arbitrary code via a long CWD command.
by TOMIWA
KeePass Password Safe Classic 1.29 - Crash (PoC)
by Mohammad Reza Espargham
Fortinet <5.0.12 - Hardcoded Passphrase
Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the Fortimanager_Access account, which allows remote attackers to obtain administrative access via an SSH session.
by operator8203
CVSS 9.8
Rejetto HTTP File Server <2.3c - RCE
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.
by Avinash Thapa
CVSS 9.8
FTPShell Client 5.24 - 'Add to Favorites' Buffer Overflow
by INSECT.B
By Source