Python Exploits

5,951 exploits tracked across all sources.

EIP-2026-103029 EXPLOITDB python VERIFIED
VFU 4.10-1.1 - Move Entry Buffer Overflow
by Bas van den Berg
CVE-2014-0980 EXPLOITDB python VERIFIED
Publish-It PUI Buffer Overflow (SEH)
Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote attackers to execute arbitrary code via a crafted PUI file.
by Andrew Smith
CVE-2013-4730 EXPLOITDB python
PCMan's FTP Server 2.0.7 - RCE
Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command.
by R-73eN
EIP-2026-117626 EXPLOITDB python
MooPlayer 1.3.0 - 'm3u' Local Buffer Overflow (SEH) (1)
by dogo h@ck
EIP-2026-115852 EXPLOITDB python VERIFIED
MooPlayer 1.3.0 - 'm3u' Buffer Overflow (SEH) (PoC)
by Samandeep Singh
CVE-2015-1578 EXPLOITDB python
u5CMS <3.9.4 - Open Redirect
Multiple open redirect vulnerabilities in u5CMS before 3.9.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) pidvesa cookie to u5admin/pidvesa.php or (2) uri parameter to u5admin/meta2.php.
by KAhara MAnhara
CVE-2014-2623 EXPLOITDB python VERIFIED
HP Storage Data Protector <8 - RCE
Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors.
by Juttikhun Khamchaiyaphum
CVE-2014-4076 EXPLOITDB python
Microsoft Windows Server 2003 SP2 - Privilege Escalation
Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to (1) tcpip.sys or (2) tcpip6.sys, aka "TCP/IP Elevation of Privilege Vulnerability."
by KoreLogic
EIP-2026-116458 EXPLOITDB python
UniPDF 1.1 - Crash (PoC) (SEH)
by bonze
CVE-2015-0235 EXPLOITDB python
Exim GHOST (glibc gethostbyname) Buffer Overflow
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
by 1n3
EIP-2026-118368 EXPLOITDB python
ClearSCADA - Remote Authentication Bypass
by Jeremy Brown
EIP-2026-115421 EXPLOITDB python
IceCream Ebook Reader 1.41 - Crash (PoC)
by Kapil Soni
CVE-2015-2055 EXPLOITDB python
Zhone Technologies Gpon 2520 Firmware - Improper Input Validation
Zhone GPON 2520 with firmware R4.0.2.566b allows remote attackers to cause a denial of service via a long string in the oldpassword parameter.
by Kaczinski Ramirez
EIP-2026-117992 EXPLOITDB python VERIFIED
T-Mobile Internet Manager - Local Buffer Overflow (SEH)
by metacom
EIP-2026-116987 EXPLOITDB python VERIFIED
Congstar Internet Manager - Local Buffer Overflow (SEH)
by metacom
CVE-2014-8272 EXPLOITDB python
Dell iDRAC6 modular <3.65, iDRAC6 monolithic <1.98, iDRAC7 <1.57.57...
The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.
by Yong Chuan_ Koh
EIP-2026-103789 EXPLOITDB python
Ntpdc 4.2.6p3 - Local Buffer Overflow
by drone
CVE-2015-1060 EXPLOITDB python
AdaptCMS 3.0.3 - Open Redirect
Open redirect vulnerability in lib/Cake/Controller/Controller.php in AdaptCMS 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header.
by LiquidWorm
CVE-2015-1058 EXPLOITDB python
AdaptCMS 3.0.3 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in AdaptCMS 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) data[Category][title] parameter to admin/categories/add, (2) data[Field][title] parameter to admin/fields/ajax_fields/, (3) name property in a basicInfo JSON object to admin/tools/create_theme, (4) data[Link][link_title] parameter to admin/links/links/add, or (5) data[ForumTopic][subject] parameter to forums/off-topic/new.
by LiquidWorm
CVE-2015-1059 EXPLOITDB python
AdaptCMS 3.0.3 - Code Injection
Unrestricted file upload vulnerability in admin/files/add in AdaptCMS 3.0.3 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in /app/webroot/uploads.
by LiquidWorm
CVE-2014-9583 EXPLOITDB python VERIFIED
ASUS WRT - Auth Bypass
common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via a NET_CMD_ID_MANU_CMD packet to UDP port 9999. NOTE: this issue was incorrectly mapped to CVE-2014-10000, but that ID is invalid due to its use as an example of the 2014 CVE ID syntax change.
by Friedrich Postelstorfer
EIP-2026-100050 EXPLOITDB python VERIFIED
WhatsApp 2.11.476 (Android) - Remote Reboot/Crash App (Denial of Service)
by Daniel Godoy
EIP-2026-115485 EXPLOITDB python VERIFIED
jetAudio 8.1.3 Basic (mp3) - Crash (PoC)
by Drozdova Liudmila
EIP-2026-103309 EXPLOITDB python
Phase Botnet - Blind SQL Injection
by MalwareTech
CVE-2014-9456 EXPLOITDB python VERIFIED
NotePad++ 6.6.9 - Buffer Overflow
Buffer overflow in NotePad++ 6.6.9 allows remote attackers to have unspecified impact via a long Time attribute in an Event element in an XML file. NOTE: this issue was originally incorrectly mapped to CVE-2014-1004; see CVE-2014-1004 for more information.
by TaurusOmar