Python Exploits
5,951 exploits tracked across all sources.
Joomla! Component Spider Contacts 1.3.6 - 'contacts_id' SQL Injection
by Claudio Viviani
Joomla! Component Spider Calendar 3.2.6 - SQL Injection
by Claudio Viviani
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-5753. Reason: This candidate is a duplicate of CVE-2008-5753. Notes: All CVE users should reference CVE-2008-5753 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
by Robert Kugler
LeapFTP 3.1.0 - URL Handling Buffer Overflow (SEH)
by k3170makan
HTML Help Workshop 1.4 - Local Buffer Overflow (SEH)
by mr.pr0n
HTML Help Workshop 1.4 - Buffer Overflow (SEH) (PoC)
by Moroccan Kingdom (MKD)
Nagios Remote Plugin Executor <2.15 - RCE
Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the vendor allows newlines as "expected behavior." Also, this issue can only occur when the administrator enables the "dont_blame_nrpe" option in nrpe.conf despite the "HIGH security risk" warning within the comments
by Claudio Viviani
Xrms Crm - SQL Injection
SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the user_id parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php.
by Benjamin Harris
Xrms Crm - SQL Injection
plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows remote authenticated users to execute arbitrary code via shell metacharacters in the username parameter.
by Benjamin Harris
Plogger <1.0 RC1 - RCE
Unrestricted file upload vulnerability in plog-admin/plog-upload.php in Plogger 1.0 RC1 and earlier allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file and a non-zero length PNG file, then accessing the PHP file via a direct request to it in plog-content/uploads/archive/.
by b0z
Phpwiki - Code Injection
The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via shell metacharacters in a device option in the edit[content] parameter to index.php/HeIp. NOTE: some of these details are obtained from third party information.
by Benjamin Harris
BlazeDVD Pro Player 7.0 - '.plf' Local Buffer Overflow (SEH)
by metacom
BlazeDVD Pro Player 7.0 - '.plf' Direct RET Local Stack Buffer Overflow
by Giovanni Bartolomucci
Symantec Endpoint Protection - Memory Corruption
Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL call.
by ryujin & sickness
Pligg CMS <2.0.1 - SQL Injection
Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) n parameter.
by BlackHawk
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-5753. Reason: This candidate is a duplicate of CVE-2008-5753. Notes: All CVE users should reference CVE-2008-5753 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
by Gabor Seljan
Microsoft Windows XP SP3 - Privilege Escalation
Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Access Control subsystem and (2) the BthPan.sys driver in the Bluetooth Personal Area Networking subsystem.
by KoreLogic
MTS MBlaze Ultra Wi-Fi / ZTE AC3633 - Multiple Vulnerabilities
by Ajin Abraham
By Source