Python Exploits
6,674 exploits tracked across all sources.
Easy File Sharing Web Server 7.2 - Unrestricted File Upload
by Chako
Easy File Sharing Web Server 7.2 - Account Import Local Buffer Overflow (SEH)
by Chako
Easy File Sharing Web Server 7.2 - GET 'PassWD' Remote Buffer Overflow (SEH)
by clubjk
JAD 1.5.8e-1kali1 Stack-Based Buffer Overflow
JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying overly long input that exceeds buffer boundaries. Attackers can craft malicious input passed to the jad command to overflow the stack and execute a return-oriented programming chain that spawns a shell.
by Juan Sacco
CVSS 9.8
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, 11.1 - Stack-based Buffer Overflow
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code. IBM X-Force ID: 125159.
by defensecode
CVSS 7.3
PHPMailer < 5.2.20 - Remote Code Execution via Sendmail Argument Injection
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033.
by phackt_ul
CVSS 9.8
Zend Framework < 2.4.11 and zend-mail < 2.4.11 - Remote Code Execution via Sendmail Adapter setFrom Function
The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address.
by phackt_ul
CVSS 9.8
PHPMailer Sendmail Argument Injection
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
by phackt_ul
CVSS 9.8
SwiftMailer < 5.4.5 - Remote Code Execution via Mail Command Parameter Injection
The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address in the (1) From, (2) ReturnPath, or (3) Sender header.
by phackt_ul
CVSS 9.8
IBM Informix Dynamic Server - Code Injection / Remote Code Execution
by IMgod
Easy File Sharing HTTP Server 7.2 - Buffer Overflow
A stack-based buffer overflow vulnerability exists in Easy File Sharing HTTP Server version 7.2. The flaw is triggered when a crafted POST request is sent to the /sendemail.ghp endpoint containing an overly long Email parameter. The application fails to properly validate the length of this field, resulting in a memory corruption condition. An unauthenticated remote attacker can exploit this to execute arbitrary code with the privileges of the server process.
by bl4ck h4ck3r
VX Search Enterprise 9.7.18 - Local Buffer Overflow
by ScrR1pTK1dd13
HP PageWide/OfficeJet Pro <1708D - RCE
A potential security vulnerability has been identified with HP PageWide Printers, HP OfficeJet Pro Printers, with firmware before 1708D. This vulnerability could potentially be exploited to execute arbitrary code.
by Jacob Baines
CVSS 9.8
Easy MOV Converter 1.4.24 - 'Enter User Name' Local Buffer Overflow (SEH)
by abatchy17
Easy File Sharing Web Server 7.2 - 'POST' Remote Buffer Overflow
by Touhid M.Shaikh
Disk Pulse 9.7.26 - 'Add Directory' Local Buffer Overflow
by abatchy17
Sync Breeze 9.7.26 - 'Add Exclude Directory' Local Buffer Overflow
by abatchy17
DiskBoss 8.0.16 - 'Input Directory' Local Buffer Overflow
by abatchy17
Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow
by abatchy17
VMware vSphere Data Protection 5.5.x-6.1.x - Remote Code Execution via Deserialization
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance.
by Kelly Correll
CVSS 9.8
Mapscrn 2.0.3 Stack-Based Buffer Overflow
Mapscrn 2.0.3 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized input buffer. Attackers can craft a malicious buffer with junk data, return address, NOP instructions, and shellcode to overflow the stack and achieve code execution or denial of service.
by Juan Sacco
CVSS 8.4
IPFire < 2.19 - Authenticated Remote Command Injection via OINKCODE Parameter
IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a shell. This can be exploited directly by authenticated users, or through CSRF.
by 0x09AL
CVSS 8.8
EFS Software Easy Chat Server <3.1 - Info Disclosure
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response.
by Aitezaz Mohsin
CVSS 7.5
By Source