Python Exploits
5,951 exploits tracked across all sources.
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite)
by s-dz
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite)
by s-dz
Wpsymposiumpro WP Symposium - Unrestricted File Upload
Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in server/php/.
by Claudio Viviani
WordPress Plugin Download Manager 2.7.4 - Remote Code Execution
by Claudio Viviani
Winamp 5.666 build 3516 - Corrupted .flv Crash (PoC)
by Drozdova Liudmila
Apache James Server 2.3.2 - Remote Command Execution
by Jakub Palaczynski
Microsoft Windows - Privilege Escalation
The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a forged signature in a ticket, as exploited in the wild in November 2014, aka "Kerberos Checksum Vulnerability."
by Sylvain Monne
CVSS 8.8
ProjectSend <r561 - RCE
Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the upload/files/ or upload/temp/ directory.
by Fady Mohammed Osman
Apple Mac OS X - Command Injection
The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect.
by dash
phpMyRecipes 1.2.2 - SQL Injection
SQL injection vulnerability in dosearch.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the words_exact parameter.
by bard
WordPress Plugin wpDataTables 1.5.3 - Arbitrary File Upload
by Claudio Viviani
Fluxbb < 1.4.11 - SQL Injection
SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to execute arbitrary SQL commands via the req_new_email parameter.
by secthrowaway
Joomla! Component com_hdflvplayer < 2.1.0.1 - Arbitrary File Download
by Claudio Viviani
Ossec < 2.8.0 - Access Control
host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable filenames without verifying ownership, which allows local users to modify access restrictions in hosts.deny and gain root privileges by creating the temporary files before automatic IP blocking is performed.
by skynet-13
Joomla! Component com_hdflvplayer < 2.1.0.1 - SQL Injection
by Claudio Viviani
MS14-064 Microsoft Windows OLE Package Manager Code Execution
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted PowerPoint document.
by Abhishek Lyall
CVSS 7.8
Microsoft Internet Explorer 11 - Denial of Service
by Behrooz Abbassi
i-Ftp <2.20 - Buffer Overflow
A stack-based buffer overflow vulnerability exists in i-Ftp version 2.20 due to improper handling of the Time attribute within Schedule.xml. By placing a specially crafted Schedule.xml file in the i-Ftp application directory, a remote attacker can trigger a buffer overflow during scheduled download parsing, potentially leading to arbitrary code execution or a crash.
by metacom
Belkin N750 Router <F9K1103_WW_1.10.17m - Buffer Overflow
Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with firmware before F9K1103_WW_1.10.17m allows remote attackers to execute arbitrary code via a long string in the jump parameter.
by Marco Vaz
Tapatalk plugin <4.9.0, 5.x-5.2.1 - SQL Injection
Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5.2.1 for vBulletin allow remote attackers to execute arbitrary SQL commands via a crafted xmlrpc API request to (1) unsubscribe_forum.php or (2) unsubscribe_topic.php in mobiquo/functions/.
by tintinweb
CVSS 9.8
Free WMA MP3 Converter 1.8 - '.wav' Local Buffer Overflow
by metacom