Python Exploits
5,951 exploits tracked across all sources.
ACME micro_httpd - Buffer Overflow
Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long string in the URI in a GET request.
by Yuval tisf Nativ
syntax-error <1.1.1 - Code Injection
Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote attackers to execute arbitrary code via a crafted file.
by Cal Leeming
Kolibri 2.0 - Buffer Overflow
Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a GET request.
by Revin Hadi Saputra
HP Storage Data Protector <8 - RCE
Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors.
by Polunchis
OpenVAS Manager - Authentication Bypass
OpenVAS Manager 3.0 before 3.0.7 and 4.0 before 4.0.4 allows remote attackers to bypass the OMP authentication restrictions and execute OMP commands via a crafted OMP request for version information, which causes the state to be set to CLIENT_AUTHENTIC, as demonstrated by the omp_xml_handle_end_element function in omp.c.
by EccE
Gitlist <0.5.0 - RCE
Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stats/master/.
by drone
Gitter/Gitlist <Repository.php - Command Injection
Repository.php in Gitter, as used in Gitlist, allows remote attackers with commit privileges to execute arbitrary commands via shell metacharacters in a branch name, as demonstrated by a "git checkout -b" command.
by drone
ZeroCMS 1.0 - 'zero_transact_user.php' Handling Privilege Escalation
by Tiago Carvalho
ZTE / TP-Link RomPager - Denial of Service
by Osanda Malith Jayathissa
Core FTP LE 2.2 build 1798 - Buffer Overflow
Multiple heap-based buffer overflows in the client in Core FTP LE 2.2 build 1798 allow remote FTP servers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in a reply to a (1) USER, (2) PASS, (3) PASV, (4) SYST, (5) PWD, or (6) CDUP command.
by Gabor Seljan
Easy File Management Web Server 5.3 - 'UserID' Remote Buffer Overflow (ROP)
by Julien Ahrens
Adaptivecomputing Torque Resource Manager - Memory Corruption
Stack-based buffer overflow in lib/Libdis/disrsi_.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.5.x through 2.5.13 allows remote attackers to execute arbitrary code via a large count value.
by bwall
EFS Software Efs FTP Server - Buffer Overflow
Stack-based buffer overflow in EFS Software Easy File Sharing FTP Server 2.0 allows remote attackers to execute arbitrary code via a long argument to the PASS command. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
by superkojiman
InfraRecorder - '.m3u' File Buffer Overflow (PoC)
by Osanda Malith Jayathissa
Core FTP Server 1.2 build 535 (32-bit) - Crash (PoC)
by Kaczinski Ramirez
Easy File Management Web Server 5.3 - Remote Stack Buffer Overflow
by superkojiman
Easy Address Book Web Server 1.6 - Remote Stack Buffer Overflow
by superkojiman
mod_wsgi <3.4 - Info Disclosure
mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread.
by Buck Golemon
CVSS 7.5
SafeNet Sentinel Protection Server <7.4.0 - Path Traversal
Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.0.0 through 7.4.0 and possibly earlier versions, and Sentinel Keys Server 1.0.3 and possibly earlier versions, allows remote attackers to read arbitrary files via a .. (dot dot) in the query string.
by Matt Schmidt
SPIP <3.0.9, <2.1.22, <2.0.23 - Privilege Escalation
SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 allows remote attackers to gain privileges and "take editorial control" via vectors related to ecrire/inc/filtres.php.
by Gregory Draperi
Cairo - Denial of Service
The cairo_image_surface_get_data function in Cairo 1.10.2, as used in GTK+ and Wireshark, allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a large string.
by Osanda Malith Jayathissa
ALLPlayer - '.wav' File Processing Memory Corruption
by Aryan Bayaninejad