Python Exploits

5,951 exploits tracked across all sources.

CVE-2014-2647 EXPLOITDB python VERIFIED
HP Operations Agent <11.14 - XSS
Cross-site scripting (XSS) vulnerability in HP Operations Agent in HP Operations Manager (formerly OpenView Communications Broker) before 11.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by Matt Schmidt
CVE-2014-4114 EXPLOITDB HIGH python
MS14-060 Microsoft Windows OLE Package Manager Code Execution
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a "Sandworm" attack in June through October 2014, aka "Windows OLE Remote Code Execution Vulnerability."
by Mike Czumak
CVSS 7.8
CVE-2014-6352 EXPLOITDB HIGH python
MS14-064 Microsoft Windows OLE Package Manager Code Execution
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted PowerPoint document.
by Mike Czumak
CVSS 7.8
CVE-2014-8739 EXPLOITDB CRITICAL python
jQuery File Upload Plugin <6.4.4 - RCE
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with a PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014.
by Claudio Viviani
CVSS 9.8
EIP-2026-107073 EXPLOITDB python
Feng Office 1.7.4 - Arbitrary File Upload
by AutoSec Tools
CVE-2014-4114 EXPLOITDB HIGH python
MS14-060 Microsoft Windows OLE Package Manager Code Execution
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a "Sandworm" attack in June through October 2014, aka "Windows OLE Remote Code Execution Vulnerability."
by Vlad Ovtchinikov
CVSS 7.8
CVE-2014-6352 EXPLOITDB HIGH python
MS14-064 Microsoft Windows OLE Package Manager Code Execution
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted PowerPoint document.
by Vlad Ovtchinikov
CVSS 7.8
CVE-2014-3704 EXPLOITDB python VERIFIED
Drupal < 7.32 - SQL Injection
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.
by Claudio Viviani
CVE-2014-3704 EXPLOITDB python VERIFIED
Drupal < 7.32 - SQL Injection
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.
by stopstene
EIP-2026-111986 EXPLOITDB python
SEO Control Panel 3.6.0 - (Authenticated) SQL Injection
by Tiago Carvalho
EIP-2026-106241 EXPLOITDB python
Croogo 2.0.0 - Arbitrary PHP Code Execution
by LiquidWorm
CVE-2014-2021 EXPLOITDB python
vBulletin <5.0.6 - XSS
Cross-site scripting (XSS) vulnerability in admincp/apilog.php in vBulletin 4.2.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name.
by tintinweb
CVE-2014-2022 EXPLOITDB python
vBulletin <4.2.2 - SQL Injection
SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request.
by tintinweb
CVE-2014-7910 EXPLOITDB python VERIFIED
Google Chrome < 39.0.2171.45 - Denial of Service
Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
by Phil Blank
CVE-2014-6278 EXPLOITDB HIGH python VERIFIED
GNU Bash <4.3 - RCE
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.
by Federico Galatolo
CVSS 8.8
CVE-2014-5289 EXPLOITDB CRITICAL python VERIFIED
Senkas Kolibri - Improper Input Validation
Buffer overflow in Senkas Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a POST request.
by tekwizz123
CVSS 9.8
CVE-2014-7910 EXPLOITDB python
Google Chrome < 39.0.2171.45 - Denial of Service
Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
by @0x00string
CVE-2014-7910 EXPLOITDB python VERIFIED
Google Chrome < 39.0.2171.45 - Denial of Service
Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
by Claudio Viviani
CVE-2014-7187 EXPLOITDB python VERIFIED
GNU Bash <4.3 - DoS
Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue.
by fdiskyou
EIP-2026-116582 EXPLOITDB python
WS10 Data Server - SCADA Overflow (PoC)
by Pedro Sánchez
EIP-2026-108434 EXPLOITDB python
Joomla! Component com_macgallery 1.5 - Arbitrary File Download
by Claudio Viviani
EIP-2026-108344 EXPLOITDB python
Joomla! Component com_facegallery 1.0 - Multiple Vulnerabilities
by Claudio Viviani
EIP-2026-100469 EXPLOITDB python
Onlineon E-Ticaret - Database Disclosure
by ZoRLu
EIP-2026-116225 EXPLOITDB python
Seafile-server 3.1.5 - Remote Denial of Service
by nop nop
CVE-2014-5460 EXPLOITDB python VERIFIED
Tribulant Slideshow Gallery - Improper Input Validation
Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/.
by Claudio Viviani